mfontanini / libtins
High-level, multiplatform C++ network packet sniffing and crafting library.
Home Page: http://libtins.github.io/
License: BSD 2-Clause "Simplified" License
Would it be a terrible idea to cut a new release? That would make it easier to package. Are there outstanding issues/features you wanted to add? This is working pretty stable for me, though I've only done basic stuff so far.
Hi,
I've traced failures to parse "trivial" dnames in DNS queries to DNS::compose_name.
I've changed ptr into end: (line 330 @ head)
was: if(index < 0x0c || (&records_data[0] + (index - 0x0c)) >= ptr)
now: if(index < 0x0c || (&records_data[0] + (index - 0x0c)) >= end)
Does this make sense to you? I can provide a buffer/PCAP file that re-produces this issue.
Thanks in advance,
Yotam.
At http://libtins.github.io/download/ , section "Headers", it reads:
libtins' headers are inside a directory named tins, inside your default include directory. You can include individual headers, or just #include <tins/tins.>, which will include all of them.
which should be #include <tins/tins.h>.
If i compile this as .so then it'll work in ip packet parsing?
the latest version of xcode doesn't ship with autoconf, you have to install it separately:
curl -OL http://ftpmirror.gnu.org/autoconf/autoconf-2.68.tar.gz
tar -xzf autoconf-2.68.tar.gz
cd autoconf-2.68
./configure
make
sudo make install
this took me a little googling, so i suspect others will run into this too.
Sniffer is working without any issues however, the timeout configuration does not end the sniffer.
#include <tins/tins.h>

using namespace Tins;

bool callback(const PDU &pdu) {
    const RawPDU &data = pdu.rfind_pdu<RawPDU>();
    const RawPDU::payload_type& payload = data.payload();
    return true;
}

int main() {
    SnifferConfiguration config;
    config.set_timeout(5);
    Sniffer("lo", config).sniff_loop(callback, 1);
    return 0;
}
I've been writing a small app using your library which provides airodump-ng type functionality to Mac OS X. Firstly, awesome library, it was really easy to get going on this application using your beacon sniffer example as a reference. I did however have a couple of questions regarding the RF side of things.
Would you like to add the configuration script "AX_PTHREAD" to your build specification?
Hi everyone,
we now have a new build system. You should have a look at this post in the Google group to read about this.
Cheers,
Matias
My code is this
#include <iostream>
#include <tins/tins.h>

using namespace Tins;

bool print(TCPStream &www) {
    const RawPDU::payload_type& payload = www.server_payload();
    std::cout << payload.size() << std::endl;
    return true;
}

int main() {
    Sniffer eth("eth0");
    TCPStreamFollower test = TCPStreamFollower();
    test.follow_streams(eth, print);
    return 1;
}
And captured the Ubuntu downloading. (http://releases.ubuntu.com/12.04/ubuntu-12.04.4-desktop-i386.iso)
Ubuntu size is more than 700mb. But stop at 20mb.
What is the problem?
Hello Friends
I have a problem with using our library on Windows x64 Ultimate and VS 2013
The project compiles successfully, but when I run the examples I get a memory leak error
What happened?
When I compile tins in VS I get many warnings like this:
Warning 1 warning C4820: '_wfinddata64i32_t' : '4' bytes padding added after data member '_wfinddata64i32_t::attrib' C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\include\wchar.h 119
Hello,
First of all, thanks for this good library! It can make my life much easier.
My question is, is it possible that you modify the payload of a packet before it gets sent in sniffer mode? If I want to do packet injection, can I leverage this library? If so, might you give an example?
Thanks a lot!
Hello there,
First of all I'd like to state that this is a really interesting library and that it's pretty unique (couldn't find anything else doing the same in C++). I have been trying for a couple hours to link the library with Qt Creator and I haven't managed to succeed... (Same for Visual Studio 2013)
Winpcap linking works just fine.
I also compiled the library multiple times incase that was the problem. (Compiled with VS, compiled with cmake, compiled with C++11 flag and without, etc)
I would appreciate any help as I am really keen on this specific library, thank you.
I'm trying to compile the latest sources using VS2013 targeting x64, but I'm getting compilation errors in include/tins/internals.h. VS2013 doesn't like this template:
template <class T, class P, class=void>
struct accepts_type : std::false_type { };

template <class T, class P>
struct accepts_type<T, P,
    typename std::enable_if<
        std::is_same< decltype( std::declval<T>()(std::declval<P>()) ), bool>::value
    >::type
> : std::true_type { };
Which would be a bug (or lack of support) in VS2013, as it compiles fine elsewhere.
However, I'm getting this even when configuring with LIBTINS_ENABLE_CXX11=0. It seems the TINS_IS_CXX11 definition in cxxstd.h does not check the HAVE_CXX11 macro from config.h.
I want to create a simple program which allows me to establish a TCP connection and sends packets of data. By following the tutorial I wrote this:
PacketSender sender;
try {
    IP pkt = IP("127.0.0.1") / TCP(1111) / RawPDU("I'm a payload!");
    sender.send(pkt);
}
catch(socket_open_error){
    cout << "socket open error" << endl;
    return false;
}
By testing the program I did 'nc -lk 1111'
However when running the program I enter the catch block.
First off, wanted to say thank you for all the hard work on this library. Certainly beats rolling all this myself.
I'm wondering if there's any means to retain the pcap header timestamps through the sniff_loop execution. It appears (though please correct me if I'm mistaken) that there is no overload to take in a loop functor with a Packet& argument instead of a PDU, and as near as I can tell that effectively makes retrieving the original pcap pkthdr timestamp impossible via the loop api.
There are a few ways I could see solving this with either new loop methods, overloads, or some relatively gnarly SFINAE, but I'm not sure what you'd have in mind.
I'm trying to execute the beacon_display example but I get this uncaught exception :
terminate called after throwing an instance of 'std::runtime_error'
what(): wlan0: That device doesn't support monitor mode
But I think my device is capable of monitor mode because
I did :
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up
(use sudo iwconfig wlan0 mode managed to restore normal mode)
then sudo iwconfig shows that I'm in monitor mode.
and then sudo tcpdump -i wlan0 -n
is able to monitor raw signals :
00:24:12.344248 6.0 Mb/s 2457 MHz 11g -53dB signal antenna 1 CF-End RA:ff:ff:ff:ff:ff:ff
00:24:12.344844 54.0 Mb/s 2457 MHz 11g -53dB signal antenna 1 CF +QoS Data IV:697676 Pad 20 KeyID 0
00:24:12.344860 24.0 Mb/s 2457 MHz 11g -56dB signal antenna 1 Acknowledgment RA:00:1f:3b:73:97:6f
00:24:12.349370 1.0 Mb/s 2457 MHz 11b -87dB signal antenna 1 Beacon (FreeboxDucout) [1.0* 2.0* 5.5* 11.0* 9.0 18.0 36.0 54.0 Mbit] ESS CH: 11, PRIVACY
Could you please advise?
Thank you
Hi again :)
As always thank you very much for your time developing libtins. As with merge request #45 pkg-config support was re-added to current master. We heavily use libtins at work and it would be very useful if a new release is published, as we could streamline our development process, build system and yocto recipes.
Thanks in advance for your consideration.
first: amazing library. i can see it's aimed at linux users, but i'm trying to get it running more comfortably on os x.
on os x there is no iwconfig, and i can't find any other way to create a virtual interface for monitor mode on my wireless interface. so when i want to use monitor mode i need to call pcap_set_rfmon(). here's a snippet from a pcap-only program i was writing:
string interface = "en0";
pcap = pcap_create(interface.c_str(), errbuf);
pcap_set_rfmon(pcap, 1);
pcap_set_snaplen(pcap, 2048);
pcap_set_promisc(pcap, 1);
pcap_set_timeout(pcap, 512);
pcap_activate(pcap);
string filter = "";
struct bpf_program fp;
pcap_compile(pcap, &fp, filter.c_str(), 0, 0);
pcap_setfilter(pcap, &fp);
right now in Sniffer, we're using pcap_open_live(). i looked around and pcap_open_live() is just a wrapper for pcap_create() plus a few other things, and is called an "old api" on the tcpdump mailing list http://seclists.org/tcpdump/2012/q1/15
my idea is to refactor Sniffer to use pcap_create(), explicitly calling pcap_rfmon(), allowing os x users to use monitor mode.
the ICMP::check() conflicts with some kind of built in macro
i don't get this when running it with gcc, so it's either llvm causing a bug or some osx headers somewhere. because it's not a public api, i'm going to just rename it to checksum.
I am using libtins in a project together with boost::asio (ssl wrapper) among some other libraries. If I include tins/tins.h after boost/asio/ssl.hpp I am not able to compile the code. If I include tins first it compiles without any errors.
I am attaching a minimal example with an empty main-block and just the two include lines which reproduces the problem.
My guess is that CERT in the QueryType in libtins dns header collides with the CERT data structure in openssl. Would an enum class or wrapping it in a struct help?
error msg
https://gist.github.com/anonymous/f9642cf29775a4137c0d
$ g++ ok.cc -ltins -lboost_system -lssl -lcrypto -std=c++11
$ g++ fails.cc -ltins -lboost_system -lssl -lcrypto -std=c++11
UPDATE:
kernel version: 3.12.37-2
libtins version: 3.1-1
boost version: boost 1.57.0-3
g++ (GCC) 4.9.2 20150204 (prerelease)
I'm trying to use the libtins in openFrameworks (32bit)
Building libtins with cmake ../ naturally produces a 64bit library, returning the linker error
ld: warning: ignoring file /usr/local/lib/libtins.dylib, file was built for x86_64 which is not the architecture being linked (i386): /usr/local/lib/libtins.dylib
Undefined symbols for architecture i386:
"Tins::SnifferConfiguration::SnifferConfiguration()", referenced from:
ofApp::setup() in ofApp.o
"Tins::SnifferConfiguration::set_filter(std::string const&)", referenced from:
ofApp::setup() in ofApp.o
ld: symbol(s) not found for architecture i386
Building libtins with cmake "-DCMAKE_OSX_ARCHITECTURES=i386" ../ instead, then the first warning disappears, indicating that the library is correctly being included, but i still get the linker error:
Undefined symbols for architecture i386:
"Tins::SnifferConfiguration::set_filter(std::string const&)", referenced from:
ofApp::setup() in ofApp.o
ld: symbol(s) not found for architecture i386
Any ideas why this won't work?
Would it be possible to include a pre-compiled 'libtins.a' library with the libtins-latest-win32 archive? Using QT projects with cross-platform intentions require a static Unix library. Including this with the pre-compiled Windows library download would really help.
(Issue changed. See below)
I have looked around libtins and can't find a simple way to fetch a filtered list of devices. I am C++ n00b so bear with me :)
I am trying to list non-loopback devices and while I can still drop into pcap to do so, I wonder if I am overlooking similar functionality in libtins.
I implemented a custom functor for passing into generic_iface_loop but then I get lost in creating a predicate to use for testing is_loopback somehow for appending to my set. I fiddled around with NetworkInterface and IPv4Address but can't wrap my head around using them... eg
//yup, I stole this
struct NonLoopbackCollector {
    set<string> ifaces;
#ifdef WIN32
    bool operator() (PIP_ADAPTER_ADDRESSES addr) {
        //some predicate for testing this !is_loopback()
        ifaces.insert(addr->AdapterName);
        return false;
    }
#else
    bool operator() (struct ifaddrs *addr) {
        //some predicate for testing this !is_loopback()
        ifaces.insert(addr->ifa_name);
        return false;
    }
#endif
};
Should I just do this in pcap or am I being thick?
Hi,
First of all, thanks for developing Libtins! I would like to ask an enhancement:
[ 96%] Building CXX object examples/CMakeFiles/traceroute.dir/traceroute.cpp.o
In file included from /work/gits/libtins/examples/traceroute.cpp:35:
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/c++/v1/atomic:539:2: error: <atomic> is not implemented
#error <atomic> is not implemented
^
/work/gits/libtins/examples/traceroute.cpp:125:10: error: no type named 'atomic' in namespace 'std'
std::atomic<bool> running;
~~~~~^
/work/gits/libtins/examples/traceroute.cpp:125:16: error: expected member name or ';' after declaration specifiers
std::atomic<bool> running;
~~~~~~~~~~~^
/work/gits/libtins/examples/traceroute.cpp:57:9: warning: 'auto' type specifier is a C++11 extension [-Wc++11-extensions]
auto handler = std::bind(
^
/work/gits/libtins/examples/traceroute.cpp:57:24: error: no member named 'bind' in namespace 'std'; did you mean simply 'bind'?
auto handler = std::bind(
^~~~~~~~~
bind
/usr/include/sys/socket.h:557:5: note: 'bind' declared here
int bind(int, const struct sockaddr *, socklen_t) __DARWIN_ALIAS(bind);
^
/work/gits/libtins/examples/traceroute.cpp:58:13: error: cannot initialize a parameter of type 'int' with an rvalue of type
'bool (Traceroute::*)(Tins::PDU &)'
&Traceroute::sniff_callback,
^~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/sys/socket.h:557:13: note: passing argument to parameter here
int bind(int, const struct sockaddr *, socklen_t) __DARWIN_ALIAS(bind);
^
/work/gits/libtins/examples/traceroute.cpp:63:9: error: use of undeclared identifier 'running'
running = true;
^
/work/gits/libtins/examples/traceroute.cpp:84:13: warning: 'auto' type specifier is a C++11 extension [-Wc++11-extensions]
for(auto i = 1; i <= 10; ++i) {
^
/work/gits/libtins/examples/traceroute.cpp:100:9: error: use of undeclared identifier 'running'
running = false;
^
/work/gits/libtins/examples/traceroute.cpp:120:16: error: use of undeclared identifier 'running'
return running;
^
/work/gits/libtins/examples/traceroute.cpp:137:9: warning: 'auto' type specifier is a C++11 extension [-Wc++11-extensions]
auto results = tracer.trace();
^
/work/gits/libtins/examples/traceroute.cpp:142:23: warning: 'auto' type specifier is a C++11 extension [-Wc++11-extensions]
for(const auto &entry : results) {
^
/work/gits/libtins/examples/traceroute.cpp:142:35: warning: range-based for loop is a C++11 extension [-Wc++11-extensions]
for(const auto &entry : results) {
^
5 warnings and 8 errors generated.
make[3]: *** [examples/CMakeFiles/traceroute.dir/traceroute.cpp.o] Error 1
make[2]: *** [examples/CMakeFiles/traceroute.dir/all] Error 2
make[1]: *** [examples/CMakeFiles/examples.dir/rule] Error 2
make: *** [examples] Error 2
i wanted to be able to do something like this:
PDU *cur = &pdu;
while(cur) {
    cout << cur->pdu_type() << " ";
    cur = cur->inner_pdu();
}
to get an idea for the structure of a PDU. to make the output more useful i added this function, which might be helpful in the utils. or, there might be a feature of c++11 i don't know about... :)
std::ostream& operator<<(std::ostream& out, const PDU::PDUType value){
    // Fallback text so an unlisted value never streams a null pointer
    const char* s = "UNKNOWN";
    // Map each enumerator to its own name as a string
#define ENUM_TEXT(p) case(PDU::p): s = #p; break;
    switch(value){
        ENUM_TEXT(RAW);
        ENUM_TEXT(ETHERNET_II);
        ENUM_TEXT(IEEE802_3);
        ENUM_TEXT(RADIOTAP);
        ENUM_TEXT(DOT11);
        ENUM_TEXT(DOT11_ACK);
        ENUM_TEXT(DOT11_ASSOC_REQ);
        ENUM_TEXT(DOT11_ASSOC_RESP);
        ENUM_TEXT(DOT11_AUTH);
        ENUM_TEXT(DOT11_BEACON);
        ENUM_TEXT(DOT11_BLOCK_ACK);
        ENUM_TEXT(DOT11_BLOCK_ACK_REQ);
        ENUM_TEXT(DOT11_CF_END);
        ENUM_TEXT(DOT11_DATA);
        ENUM_TEXT(DOT11_CONTROL);
        ENUM_TEXT(DOT11_DEAUTH);
        ENUM_TEXT(DOT11_DIASSOC);
        ENUM_TEXT(DOT11_END_CF_ACK);
        ENUM_TEXT(DOT11_MANAGEMENT);
        ENUM_TEXT(DOT11_PROBE_REQ);
        ENUM_TEXT(DOT11_PROBE_RESP);
        ENUM_TEXT(DOT11_PS_POLL);
        ENUM_TEXT(DOT11_REASSOC_REQ);
        ENUM_TEXT(DOT11_REASSOC_RESP);
        ENUM_TEXT(DOT11_RTS);
        ENUM_TEXT(DOT11_QOS_DATA);
        ENUM_TEXT(LLC);
        ENUM_TEXT(SNAP);
        ENUM_TEXT(IP);
        ENUM_TEXT(ARP);
        ENUM_TEXT(TCP);
        ENUM_TEXT(UDP);
        ENUM_TEXT(ICMP);
        ENUM_TEXT(BOOTP);
        ENUM_TEXT(DHCP);
        ENUM_TEXT(EAPOL);
        ENUM_TEXT(RC4EAPOL);
        ENUM_TEXT(RSNEAPOL);
        ENUM_TEXT(DNS);
        ENUM_TEXT(LOOPBACK);
        ENUM_TEXT(IPv6);
        ENUM_TEXT(ICMPv6);
        ENUM_TEXT(SLL);
        ENUM_TEXT(DHCPv6);
        ENUM_TEXT(DOT1Q);
        ENUM_TEXT(PPPOE);
        ENUM_TEXT(STP);
        ENUM_TEXT(PPI);
        ENUM_TEXT(IPSEC_AH);
        ENUM_TEXT(IPSEC_ESP);
        ENUM_TEXT(USER_DEFINED_PDU);
    }
#undef ENUM_TEXT
    return out << s;
}
Hi,
We are using the libtins library in one of my projects. It's simply superb.
We need some following features,
If you are okay to make above features from my side, I can do it and send patch to you. You can review and apply the patch if it's okay. Please throw your thoughts.
Found following issues:
"cmake ../libtins/ -DCMAKE_FIND_ROOT_PATH=/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/ -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY -DCMAKE_CXX_COMPILER=/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/bin/mips-openwrt-linux-uclibc-g++ -DLIBTINS_ENABLE_WPA2=1 -DCMAKE_INSTALL_PREFIX:PATH=/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/ -DLIBTINS_ENABLE_CXX11=1 -DPCAP_INCLUDE_DIR=/home/openwrt/libtins/pcap/install_pcap/include/ -DPCAP_LIBRARY=/home/openwrt/libtins/pcap/install_pcap/lib/"
-- Looking for pcap_get_pfring_id - not found
-- Performing Test _HAS_CXX11_FLAG
-- Performing Test _HAS_CXX11_FLAG - Success
-- Checking C++11 support for "func"
-- Checking C++11 support for "func": not supported
-- Checking C++11 support for "auto"
-- Checking C++11 support for "auto": not supported
-- Checking C++11 support for "auto_ret_type"
-- Checking C++11 support for "auto_ret_type": not supported
-- Checking C++11 support for "class_override_final"
-- Checking C++11 support for "class_override_final": not supported
-- Checking C++11 support for "constexpr"
-- Checking C++11 support for "constexpr": not supported
-- Checking C++11 support for "cstdint"
-- Checking C++11 support for "cstdint": not supported
-- Checking C++11 support for "decltype"
-- Checking C++11 support for "decltype": not supported
-- Checking C++11 support for "initializer_list"
-- Checking C++11 support for "initializer_list": not supported
-- Checking C++11 support for "lambda"
-- Checking C++11 support for "lambda": not supported
-- Checking C++11 support for "long_long"
-- Checking C++11 support for "long_long": not supported
-- Checking C++11 support for "nullptr"
-- Checking C++11 support for "nullptr": not supported
-- Checking C++11 support for "regex"
-- Checking C++11 support for "regex": not supported
-- Checking C++11 support for "rvalue-references"
-- Checking C++11 support for "rvalue-references": not supported
-- Checking C++11 support for "sizeof_member"
-- Checking C++11 support for "sizeof_member": not supported
-- Checking C++11 support for "static_assert"
-- Checking C++11 support for "static_assert": not supported
-- Checking C++11 support for "variadic_templates"
-- Checking C++11 support for "variadic_templates": not supported
CMake Error at CMakeLists.txt:72 (MESSAGE):
C++11 features requested but the compiler does not support them.
I commented out all check points and added "-std=c++11" flag in flags.make file, it's working. I am not sure what went wrong while configuring to enable c++11 features.
Could you please help me to solve above issues.
Please let me know if you need further information.
Thanks and Regards,
Prasad
I've noticed the BaseSniffer class has a get_fd() method that is never called. Would it be possible to create a parameter in the sniffer to control the maximum amount of time it blocks if no packets are received?
What I'd like to achieve is an implementation which handles packets in sniff_loop as they arrive (setting timeout to 0), but which would be able to periodically check for a stop condition if no packets are received.
Thanks in advance.
I added tins in Qt and while running following code:
void MainWindow::on_pushButton_clicked()
{
    //Sniffer("eth0").Tins::Sniffer::sniff_loop(callback);
    Sniffer sniffer("wlan0", Sniffer::PROMISC);
    // Only capture udp packets sent to port 53
    sniffer.set_filter("udp and dst port 53");
    // Start the capture
    sniffer.sniff_loop(callback);
}
bool MainWindow::callback(const PDU &pdu) {
    const IP &ip = pdu.rfind_pdu<IP>(); // Find the IP layer
    const TCP &tcp = pdu.rfind_pdu<TCP>(); // Find the TCP layer
    std::cout << ip.src_addr() << ':' << tcp.sport() << " -> "
              << ip.dst_addr() << ':' << tcp.dport() << std::endl;
    return true;
}
I get this error:
/home/sanket/workspace/canBeFinal/mainwindow.cpp:30: error: no matching function for call to 'Tins::Sniffer::sniff_loop()'
sniffer.sniff_loop(callback);
^
../canBeFinal/mainwindow.cpp: In member function 'void MainWindow::on_pushButton_clicked()':
../canBeFinal/mainwindow.cpp:30:36: error: no matching function for call to 'Tins::Sniffer::sniff_loop()'
sniffer.sniff_loop(callback);
^
../canBeFinal/mainwindow.cpp:30:36: note: candidate is:
In file included from /usr/local/include/tins/tins.h:54:0,
from ../canBeFinal/mainwindow.h:5,
from ../canBeFinal/mainwindow.cpp:1:
/usr/local/include/tins/sniffer.h:577:10: note: void Tins::BaseSniffer::sniff_loop(Functor, uint32_t) [with Functor = bool (MainWindow::)(const Tins::PDU&); uint32_t = unsigned int]
void Tins::BaseSniffer::sniff_loop(Functor function, uint32_t max_packets) {
^
/usr/local/include/tins/sniffer.h:577:10: note: no known conversion for argument 1 from '' to 'bool (MainWindow::)(const Tins::PDU&)'
make: *** [mainwindow.o] Error 1
15:07:15: The process "/usr/bin/make" exited with code 2.
Error while building/deploying project canBeFinal (kit: Desktop Qt 5.3 GCC 64bit)
When executing step 'Make'
15:07:15: Elapsed time: 00:01.
I have defined callback() function in Header file already.
Please help. Thank You.
If encode_domain_name is passed the empty string (""), too many bytes are added to the qname/name fields in the DNS payload.
Encoding the empty string results in "\0\0" instead of "\0".
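Both DNS name reports on this page (the compression-pointer bound in DNS::compose_name and the empty-name encoding) come down to the same wire-format rules, sketched below as an added example that is not libtins code. The names `encode_name`, `decode_name`, `rejects` and `sample_message`, the jump limit of 16 and the sample bytes are assumptions made for this illustration.

```cpp
// Added example, not libtins code. All names below are hypothetical.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Encode a dotted name as length-prefixed labels plus the root terminator.
// "" and "." are the root name and must encode to exactly one 0x00 byte.
Bytes encode_name(std::string name) {
    if (!name.empty() && name.back() == '.') name.pop_back();
    Bytes out;
    std::size_t start = 0;
    while (!name.empty()) {
        const std::size_t dot = name.find('.', start);
        const std::size_t end = (dot == std::string::npos) ? name.size() : dot;
        const std::size_t len = end - start;
        if (len == 0 || len > 63) throw std::invalid_argument("bad label length");
        out.push_back(static_cast<uint8_t>(len));
        out.insert(out.end(), name.data() + start, name.data() + end);
        if (dot == std::string::npos) break;
        start = dot + 1;
    }
    out.push_back(0);  // single terminator, also for the empty name
    if (out.size() > 255) throw std::invalid_argument("name too long");
    return out;
}

// Decode the name at offset `pos` of a complete DNS message, following
// compression pointers. Every read is checked against the end of the message.
std::string decode_name(const Bytes &msg, std::size_t pos) {
    const std::size_t kHeaderSize = 0x0c;  // names never start inside the header
    const int kMaxJumps = 16;              // assumed limit that breaks pointer loops
    std::string name;
    int jumps = 0;
    for (;;) {
        if (pos >= msg.size()) throw std::runtime_error("name runs past end");
        const uint8_t len = msg[pos];
        if (len == 0) return name;
        if ((len & 0xC0) == 0xC0) {  // compression pointer: 14-bit offset
            if (pos + 1 >= msg.size()) throw std::runtime_error("truncated pointer");
            const std::size_t target = (std::size_t(len & 0x3F) << 8) | msg[pos + 1];
            if (target < kHeaderSize || target >= msg.size())
                throw std::runtime_error("pointer outside record data");
            if (++jumps > kMaxJumps) throw std::runtime_error("pointer loop");
            pos = target;
            continue;
        }
        if (len & 0xC0) throw std::runtime_error("reserved label type");
        if (pos + 1 + len > msg.size()) throw std::runtime_error("label runs past end");
        if (!name.empty()) name += '.';
        name.append(reinterpret_cast<const char *>(msg.data() + pos + 1), len);
        if (name.size() > 253) throw std::runtime_error("name too long");
        pos += 1 + std::size_t(len);
    }
}

// True when decode_name refuses the input instead of reading out of bounds.
bool rejects(const Bytes &msg, std::size_t pos) {
    try { decode_name(msg, pos); } catch (const std::runtime_error &) { return true; }
    return false;
}

// Constructed sample: 12-byte zero header, "example.com" at offset 12,
// then "www" at offset 25 followed by a pointer back to offset 12.
Bytes sample_message() {
    Bytes msg(12, 0);
    const Bytes base = encode_name("example.com");
    msg.insert(msg.end(), base.begin(), base.end());
    const Bytes tail = {3, 'w', 'w', 'w', 0xC0, 0x0C};
    msg.insert(msg.end(), tail.begin(), tail.end());
    return msg;
}

int main() {
    std::cout << decode_name(sample_message(), 25) << "\n";
    std::cout << "root name bytes: " << encode_name("").size() << "\n";
    Bytes loop(12, 0);
    loop.push_back(0xC0);
    loop.push_back(0x0C);  // pointer that targets itself
    std::cout << "self-pointer rejected: " << rejects(loop, 12) << "\n";
    return 0;
}
```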
I configured using
./configure --enable-c++11 --disable-dot11 --enable-static
I run into this compile error:
https://gist.github.com/dachziegel/aee04e5eb6bb129eb26f
Ubuntu 12.04 64bit
GCC 4.8.1
Would you like to replace any double quotes by angle brackets around file names for include statements?
When I try generating an ICMPv6 header, the checksum that is automatically generated is incorrect.
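How an ICMPv6 checksum is formed, and why one that covers only the 8-byte header fails verification once the message carries data (the case another report on this page describes for echo requests). This is an added example, not libtins code; the function names, the `covered` parameter and the constructed ::1 echo request are assumptions made for the illustration.

```cpp
// Added example, not libtins code. Function names are hypothetical.
#include <array>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
using Addr6 = std::array<uint8_t, 16>;

// Add `len` bytes to a running sum of big-endian 16-bit words.
// An odd trailing byte is padded with a zero byte on the right.
uint32_t sum16(const uint8_t *data, std::size_t len, uint32_t acc) {
    for (std::size_t i = 0; i + 1 < len; i += 2)
        acc += (uint32_t(data[i]) << 8) | data[i + 1];
    if (len & 1) acc += uint32_t(data[len - 1]) << 8;
    return acc;
}

// ICMPv6 checksum: IPv6 pseudo-header (src, dst, upper-layer length,
// next header 58) plus the first `covered` bytes of the ICMPv6 message.
// Assumption: the pseudo-header length is always the full message length,
// so `covered` only models how much of the buffer gets summed.
uint16_t icmpv6_checksum(const Addr6 &src, const Addr6 &dst,
                         const Bytes &icmp, std::size_t covered) {
    uint32_t acc = 0;
    acc = sum16(src.data(), src.size(), acc);
    acc = sum16(dst.data(), dst.size(), acc);
    acc += uint32_t(icmp.size() >> 16) + uint32_t(icmp.size() & 0xffff);
    acc += 58;  // next header value for ICMPv6
    acc = sum16(icmp.data(), covered, acc);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return uint16_t(~acc & 0xffff);
}

// Constructed echo request: type 128, code 0, checksum 0, id 0x1234, seq 1.
Bytes echo_request(const std::string &payload) {
    Bytes pkt = {128, 0, 0, 0, 0x12, 0x34, 0x00, 0x01};
    pkt.insert(pkt.end(), payload.begin(), payload.end());
    return pkt;
}

// Write the checksum into bytes 2 and 3 of the message, big-endian.
void set_checksum(Bytes &pkt, uint16_t cksum) {
    pkt[2] = uint8_t(cksum >> 8);
    pkt[3] = uint8_t(cksum & 0xff);
}

// Receiver-side check: with the checksum field filled in, the
// complement of the sum over the whole message must be zero.
bool verifies(const Addr6 &src, const Addr6 &dst, const Bytes &pkt) {
    return icmpv6_checksum(src, dst, pkt, pkt.size()) == 0;
}

Addr6 loopback() {
    Addr6 a{};
    a[15] = 1;  // ::1
    return a;
}

int main() {
    const Addr6 lo = loopback();
    Bytes pkt = echo_request("ping");
    const uint16_t header_only = icmpv6_checksum(lo, lo, pkt, 8);
    const uint16_t full = icmpv6_checksum(lo, lo, pkt, pkt.size());
    set_checksum(pkt, header_only);
    std::cout << std::hex << "header only: 0x" << header_only
              << " verifies=" << verifies(lo, lo, pkt) << "\n";
    set_checksum(pkt, full);
    std::cout << "with payload: 0x" << full
              << " verifies=" << verifies(lo, lo, pkt) << "\n";
    return 0;
}
```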
I've just downloaded and installed this lib at OSX 10.9 and I tried to compile code from 2nd part of the tutorial. I've got:
main.cpp:29:17: error: call to constructor of 'Tins::Sniffer' is ambiguous
Sniffer sniffer("eth0", promisc, "ip src 192.168.0.100");
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/include/tins/sniffer.h:267:9: note: candidate constructor
Sniffer(const std::string &device, unsigned max_packet_size,
^
/usr/local/include/tins/sniffer.h:281:9: note: candidate constructor
Sniffer(const std::string &device, promisc_type promisc = NON_PROMISC,
^
I'm on a Macbook Pro running 10.9.5, connected to a wireless network and trying to sniff from en0.
Compiling the latest version from github (master):
$ g++ traceroute.cpp -o traceroute -O3 -std=c++11 -lpthread -ltins
Running with any IPs:
$ ./traceroute 10.0.1.1
libc++abi.dylib: terminating
Abort trap: 6
It seems that the error is spewed out on this line:
sender.send(ip);
Which is strange because I can get a simple packet sending program to work:
using namespace Tins;
int main() {
    NetworkInterface iface = NetworkInterface::default_interface();
    NetworkInterface::Info info = iface.addresses();
    EthernetII eth("77:22:33:11:ad:ad", info.hw_addr);
    eth /= IP("192.168.0.1", info.ip_addr);
    eth /= TCP(13, 15);
    eth /= RawPDU("I'm a payload!");
    PacketSender sender;
    sender.send(eth, iface);
}
The main difference from both these programs seems to be the call to send receiving the extra "iface" argument. However, since we are sending L3 packets, we shouldn't need it.
I configured using
./configure --enable-c++11 --enable-static
I run into this compile error:
https://gist.github.com/dachziegel/c382dcada844d74025a1
Ubuntu 12.04 64bit
GCC 4.8.1
I am trying to create an IPv6 packet encapsulated in another IPv6 packet, with:
IPv6 packet = IPv6("1::1", "2::2");
packet /= IPv6("3::3", "4::4");
vector<uint8_t> raw = packet.serialize();
When I serialize this packet, the next header field of the outside IPv6 packet is 0xff (instead of 0x29 (41)).
If I modify the function Internals::pdu_flag_to_ip_type to add a case for IPv6, the serialization works as expected.
Would it make sense to allow libtins to run either on top of libpcap (like it does today), or other packet capturing technologies -- which are potentially faster -- like netmap [1]?
I want to retrieve signal strength (SSI) in dBm from sniffer of libtins, through RadioTap::dbm_signal(), but it gave wrong result (always 0). In fact, in constructor of RadioTap:
RadioTap::RadioTap(const uint8_t *buffer, uint32_t total_sz)
buffer[0x16] contains the correct SSI value.
using libtins 2.0 (libtins2-2.0-1) on Ubuntu 14.10, gcc 4.9.1
BTW: Could you please add a pointer to the raw buffer in PDU?
I tried to add pull request, but there's no branch for those and pushing a new branch fails with a 403 error - so here goes:
When the ICMPv6 checksum is calculated, it is only calculated up to the end of the ICMPv6 PDU.
If there's any payload the checksum will be wrong. Most types don't have a payload (so the checksum is correct), but ICMPv6 pings always have one, so ping6 fails.
Here's a simple fix.
I guess that "buffer_start + full_sz" could be replaced with "buffer + total_sz" if the total_sz were not modified inside a TINS_DEBUG define.
I also added a few types to the has_options() function. There are surely more (MLD: 130-132?), so maybe a switch/case is the best way to handle all types.
diff --git a/src/icmpv6.cpp b/src/icmpv6.cpp
index 0bbff3e..374795f 100644
--- a/src/icmpv6.cpp
+++ b/src/icmpv6.cpp
@@ -196,6 +196,7 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
#ifdef TINS_DEBUG
assert(total_sz >= header_size());
#endif
+ uint32_t full_sz = total_sz;
uint8_t *buffer_start = buffer;
_header.cksum = 0;
std::memcpy(buffer, &_header, sizeof(_header));
@@ -231,7 +232,7 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
ipv6->dst_addr(),
size(),
Constants::IP::PROTO_ICMPV6
- ) + Utils::do_checksum(buffer_start, buffer);
+ ) + Utils::do_checksum(buffer_start, buffer_start + full_sz);
while (checksum >> 16)
checksum = (checksum & 0xffff) + (checksum >> 16);
[2]+ Done gitk
guei@ubuntu:~/git/libtins$ git diff src/icmpv6.cpp > file
guei@ubuntu:~/git/libtins$ cat file
diff --git a/src/icmpv6.cpp b/src/icmpv6.cpp
index 0bbff3e..374795f 100644
--- a/src/icmpv6.cpp
+++ b/src/icmpv6.cpp
@@ -196,6 +196,7 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
#ifdef TINS_DEBUG
assert(total_sz >= header_size());
#endif
+ uint32_t full_sz = total_sz;
uint8_t *buffer_start = buffer;
_header.cksum = 0;
std::memcpy(buffer, &_header, sizeof(_header));
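Review bot: the added `uint32_t full_sz = total_sz;` is a snapshot that should never change, so declare it `const`. Since the description says `total_sz` is only modified further down, it would be simpler to compute the end of the buffer once here, next to `buffer_start` (for example `const uint8_t *buffer_end = buffer + total_sz;`), and pass that to the checksum call instead of redoing the pointer arithmetic there.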
@@ -231,7 +232,7 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
ipv6->dst_addr(),
size(),
Constants::IP::PROTO_ICMPV6
- ) + Utils::do_checksum(buffer_start, buffer);
+ ) + Utils::do_checksum(buffer_start, buffer_start + full_sz);
while (checksum >> 16)
checksum = (checksum & 0xffff) + (checksum >> 16);
this->checksum(~checksum);
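Review bot: the new range in `Utils::do_checksum(buffer_start, buffer_start + full_sz)` assumes every one of the `total_sz` bytes is already written when the checksum is taken, including whatever follows the ICMPv6 header and options; nothing in this hunk shows that. Please confirm the payload is serialized into the buffer before this point, check that `full_sz` agrees with the `size()` passed to the pseudo-header sum, and add a test that serializes an echo request with a payload and verifies its checksum.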
@@ -239,10 +240,21 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
}
}
-// can i haz more?
+// sequential: 133 to 137 - or possibly 130 to 137
bool ICMPv6::has_options() const {
- return type() == NEIGHBOUR_SOLICIT ||
- type() == ROUTER_ADVERT;
+ return (ROUTER_SOLICIT <= type() && type() <= REDIRECT);
+// switch (type())
+// {
+// case NEIGHBOUR_SOLICIT:
+// case NEIGHBOUR_ADVERT:
+// case ROUTER_SOLICIT:
+// case ROUTER_ADVERT:
+// case REDIRECT:
+// return true;
+// default:
+// break;
+// }
+// return false;
}
void ICMPv6::add_option(const option &option) {
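Review bot: `ROUTER_SOLICIT <= type() && type() <= REDIRECT` in has_options() is only correct while those enumerators stay numerically contiguous, and the new comment still leaves open whether the range is 133 to 137 or 130 to 137; settle that before merging. Keep either the range check or the switch, not the range plus a commented-out switch; the explicit switch is the easier one to extend when more types turn out to carry options.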
Correct me if I'm wrong, but with the drop of autotools in favor of CMake the file libtins.pc.in (configured by Makefile.in) was removed.
We use libtins heavily in our development and this would be very useful for us.
Thanks for your time and for libtins.
i tried running beacon_display:
kyle:examples kyle$ make beacon_display; ./beacon_display en0
g++ beacon_display.cpp -o beacon_display -Wall -g -O2 -ltins
libc++abi.dylib: terminating with uncaught exception of type std::runtime_error: Invalid filter
Abort trap: 6
if i change the filter to "" (empty string), the code executes without a runtime error.
i can also use some other filters like "src net 192.168.6.170" without errors.
in both of the above examples (empty filter, single ip src) the BeaconSniffer::callback() is never called.
i can try to look into this more but wanted to report it first. i think you can be not-in-monitor-mode and still see some traffic from pcap, but i have to check.
I am running into an issue trying to get access to the packet timestamp. When I try to construct a Tins::Packet it tells me that it can't because the PtrPacket copy constructor is private.
I am using libtins successfully for live packet capture under OpenWrt. However, parsing of the radiotap header fails, only giving garbage. I have collected a pcap file taken with tcpdump from the Yun. This file shows valid header information in Wireshark, but the header is not correctly read by libtins (on my Ubuntu machine). This leads me to believe that the radiotap header from the Yun (Atheros AR9331) is not read correctly by libtins.
At http://libtins.github.io/download/ , section "Requirements", we could add some guides about Fedora/CentOS based systems:
For Red Hat based systems(RHEL, Fedora, CentOS, etc), you can install it executing this command as root:
yum install libpcap-devel openssl-devel
This works for me.
Low priority of course. Running the example file traceroute.cpp throws an error in VS 2013:
1> traceroute.cpp
1>traceroute.cpp(72): error C2664: 'std::thread::thread(const std::thread &)' : cannot convert argument 1 from 'void (__thiscall *)(Functor,uint32_t)' to 'void (&)(std::_Bind<true,bool,std::_Pmf_wrap<bool (__thiscall Traceroute::* )(Tins::PDU &),bool,Traceroute,Tins::PDU &>,Traceroute *const ,std::_Ph<1> &>,uint32_t)'
1> None of the functions with this name in scope match the target type
This is referencing to:
// Start the sniff thread
std::thread sniff_thread(
    &Sniffer::sniff_loop<decltype(handler)>,
    &sniffer,
    handler,
    0
);
Source code was not modified.
Hi there.
I've recently become aware of libtins and it seems like an awesome fit for some projects I'm working on. Thanks for your work.
It would be nice though to have support for QinQ and MPLS labels. It seems to me that MPLS might be a little more involved, but QinQ should be fairly straightforward to implement.
Best regards.