From acb313f0e93da1dd905ff7f3157866b4a72232ad Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Sat, 9 May 2015 09:09:57 +0200
Subject: [PATCH] Added -u flag to start capture with promiscuous mode disabled
---
 include/NtopGlobals.h | 2 --
 include/Prefs.h | 4 +++-
 ntopng.8 | 6 +++++-
 src/NtopGlobals.cpp | 4 +---
 src/PF_RINGInterface.cpp | 2 +-
 src/PcapInterface.cpp | 2 +-
 src/Prefs.cpp | 20 +++++++++++++-------
 7 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/include/NtopGlobals.h b/include/NtopGlobals.h
index 92d0e290b89e..71f9c11dab65 100644
--- a/include/NtopGlobals.h
+++ b/include/NtopGlobals.h
@@ -28,7 +28,6 @@ class NtopGlobals {
 bool is_shutdown, do_decode_tunnels;
 time_t start_time;
 u_int ifMTU, snaplen;
- u_int8_t promiscuousMode;
 Trace *trace;
 u_int32_t detection_tick_resolution;
 Mutex *mutex;
@@ -40,7 +39,6 @@ class NtopGlobals {
 inline u_int getUptime() { return((u_int)(time(NULL)-start_time+1)); };
 inline u_int getIfMTU() { return(ifMTU); };
- inline u_int8_t getPromiscuousMode() { return(promiscuousMode); };
 inline u_int getSnaplen() { return(snaplen); };
 inline Trace *getTrace() { return(trace); };
 inline bool isShutdown() { return(is_shutdown); };
diff --git a/include/Prefs.h b/include/Prefs.h
index aa51cb1c458a..fa0e5d17259c 100644
--- a/include/Prefs.h
+++ b/include/Prefs.h
@@ -40,7 +40,7 @@ class Prefs {
 Ntop *ntop;
 bool enable_dns_resolution, sniff_dns_responses, disable_host_persistency, categorization_enabled, httpbl_enabled, resolve_all_host_ip, change_user, daemonize,
- dump_timeline, shorten_aggregation_names, enable_auto_logout,
+ dump_timeline, shorten_aggregation_names, enable_auto_logout, use_promiscuous_mode,
 disable_alerts, enable_ixia_timestamps, enable_vss_apcon_timestamps, enable_users_login, disable_localhost_login;
 LocationPolicy dump_hosts_to_db, dump_aggregations_to_db, sticky_hosts;
@@ -187,6 +187,8 @@ class Prefs {
 inline char* get_es_pwd() { return(es_pwd); };
 inline bool shutdownWhenDone() { return(shutdown_when_done); }
 inline bool are_taps_enabled() { return(enable_taps); };
+ inline void set_promiscuous_mode(bool mode) { use_promiscuous_mode = mode; };
+ inline bool use_promiscuous() { return(use_promiscuous_mode); };
 };
 #endif /* _PREFS_H_ */
diff --git a/ntopng.8 b/ntopng.8
index 600dc4517a43..3f18108eae99 100644
--- a/ntopng.8
+++ b/ntopng.8
@@ -40,6 +40,7 @@ or
 .IR ]
 .RB [ \-m
 .IR ]
+.RB [ \-u | \-\-no\-promisc ]
 .RB [ \-p
 .IR ]
 .RB [ \-P ]
@@ -80,7 +81,7 @@ or
 .IR ]
 .RB [ \-Z
 .IR ]
-.RB [ \-\-shutdown-when-done ]
+.RB [ \-\-shutdown\-when\-done ]
 .RB [ \-v ]
 .RB [ \-V ]
 .RB [ \-h ]
@@ -225,6 +226,9 @@ Commas separate multiple network values. Both netmask and CIDR notation may be used, even mixed together, for instance "131.114.21.0/24,10.0.0.0/255.0.0.0".
+.It \-u|\-\-no\-promisc
+Disable promiscous mode when capturing from network interfaces (by default promiscuous mode is used).
+
 .It \-p|\-\-ndpi\-protocols\ .protos This parameter is used to specify a nDPI protocol file. The format is :,:,.....@ where
diff --git a/src/NtopGlobals.cpp b/src/NtopGlobals.cpp
index 9c6d849a9355..da585ca5b8f8 100644
--- a/src/NtopGlobals.cpp
+++ b/src/NtopGlobals.cpp
@@ -25,9 +25,7 @@ NtopGlobals::NtopGlobals() {
 start_time = time(NULL);
- ifMTU = 1514;
- promiscuousMode = 1;
- snaplen = 1514;
+ ifMTU = snaplen = 1514;
 file_id = 0;
 detection_tick_resolution = 1000;
 trace = new Trace();
diff --git a/src/PF_RINGInterface.cpp b/src/PF_RINGInterface.cpp
index 7e8c4b1e2cf6..cf0777ae3668 100644
--- a/src/PF_RINGInterface.cpp
+++ b/src/PF_RINGInterface.cpp
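Review bot: In include/Prefs.h the new `set_promiscuous_mode()` has no caller anywhere in this patch; the `-u` case in `Prefs::setOption` assigns `use_promiscuous_mode = false` directly. If nothing outside the diff needs the setter, dropping it keeps the capture-mode preference written only during option parsing; otherwise a one-line comment naming the intended caller would help. The getter could also be declared const, `inline bool use_promiscuous() const { return(use_promiscuous_mode); };`, although the neighbouring accessors in this hunk are not. The class body starts outside the hunk.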
@@ -30,7 +30,7 @@
 /* **************************************************** */
 PF_RINGInterface::PF_RINGInterface(const char *name) : NetworkInterface(name) {
- u_int flags = ntop->getGlobals()->getPromiscuousMode() ? PF_RING_PROMISC : 0;
+ u_int flags = ntop->getPrefs()->use_promiscuous() ? PF_RING_PROMISC : 0;
 flags |= PF_RING_LONG_HEADER;
 flags |= PF_RING_DNA_SYMMETRIC_RSS; /* Note that symmetric RSS is ignored by non-DNA drivers */
diff --git a/src/PcapInterface.cpp b/src/PcapInterface.cpp
index ccce80f3f7c7..4903c89725bc 100644
--- a/src/PcapInterface.cpp
+++ b/src/PcapInterface.cpp
@@ -60,7 +60,7 @@ PcapInterface::PcapInterface(const char *name) : NetworkInterface(name) {
 } } else {
 pcap_handle = pcap_open_live(ifname, ntop->getGlobals()->getSnaplen(),
- ntop->getGlobals()->getPromiscuousMode(),
+ ntop->getPrefs()->use_promiscuous(),
 500, pcap_error_buffer);
 if(pcap_handle) {
diff --git a/src/Prefs.cpp b/src/Prefs.cpp
index f32e496274c9..9bdd86e733c9 100644
--- a/src/Prefs.cpp
+++ b/src/Prefs.cpp
@@ -30,7 +30,7 @@ Prefs::Prefs(Ntop *_ntop) {
 local_networks = strdup(CONST_DEFAULT_HOME_NET","CONST_DEFAULT_LOCAL_NETS);
 local_networks_set = false, shutdown_when_done = false;
 enable_users_login = true, disable_localhost_login = false;
- enable_dns_resolution = sniff_dns_responses = true;
+ enable_dns_resolution = sniff_dns_responses = true, use_promiscuous_mode = true;
 categorization_enabled = false, httpbl_enabled = false, resolve_all_host_ip = false;
 max_num_hosts = MAX_NUM_INTERFACE_HOSTS, max_num_flows = MAX_NUM_INTERFACE_HOSTS;
 data_dir = strdup(CONST_DEFAULT_DATA_DIR);
@@ -160,6 +160,7 @@ void usage() {
 "[--callbacks-dir|-3] | Callbacks directory.\n"
 " | Default: %s\n"
 "[--dump-timeline|-C] | Enable timeline dump.\n"
+ "[--no-promisc|-u] | Don't set the interface in promiscuous mode.\n"
 "[--categorization-key|-c] | Key used to access host categorization\n"
 " | services (default: disabled). \n"
 " | Please read README.categorization for\n"
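Review bot: The `pcap_open_live()` call in src/PcapInterface.cpp, and the `flags` line in src/PF_RINGInterface.cpp, need a comment saying that a false `use_promiscuous()` only stops ntopng from requesting promiscuous mode. It does not guarantee a non-promiscuous interface, because the adapter can already be promiscuous for another reason, such as a second capture process. An operator using `-u` to limit what the sensor sees should not read it as a guarantee. I would add `/* -u: do not request promiscuous mode; the NIC may still be promiscuous for other reasons */` above both call sites. Both constructors start and end outside their hunks.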
@@ -319,22 +320,23 @@ void Prefs::loadNagiosDefaults() {
 /* ******************************************* */
 static const struct option long_options[] = {
- { "dns-mode", required_argument, NULL, 'n' },
- { "interface", required_argument, NULL, 'i' },
+ { "categorization-key", required_argument, NULL, 'c' },
 #ifndef WIN32
 { "data-dir", required_argument, NULL, 'd' },
 #endif
- { "categorization-key", required_argument, NULL, 'c' },
- { "httpbl-key", required_argument, NULL, 'k' },
 { "daemon", no_argument, NULL, 'e' },
 { "core-affinity", required_argument, NULL, 'g' },
 { "help", no_argument, NULL, 'h' },
- { "disable-login", required_argument, NULL, 'l' },
+ { "interface", required_argument, NULL, 'i' },
 { "local-networks", required_argument, NULL, 'm' },
+ { "dns-mode", required_argument, NULL, 'n' },
+ { "httpbl-key", required_argument, NULL, 'k' },
+ { "disable-login", required_argument, NULL, 'l' },
 { "ndpi-protocols", required_argument, NULL, 'p' },
 { "disable-autologout", no_argument, NULL, 'q' },
 { "redis", required_argument, NULL, 'r' },
 { "dont-change-user", no_argument, NULL, 's' },
+ { "no-promisc", no_argument, NULL, 'u' },
 { "verbose", no_argument, NULL, 'v' },
 { "max-num-hosts", required_argument, NULL, 'x' },
 { "http-port", required_argument, NULL, 'w' },
@@ -414,6 +416,10 @@ int Prefs::setOption(int optkey, char *optarg) {
 dump_timeline = true;
 break;
+ case 'u':
+ use_promiscuous_mode = false;
+ break;
+
 #ifndef WIN32
 case 'd':
 ntop->setWorkingDir(optarg);
@@ -756,7 +762,7 @@ int Prefs::loadFromCLI(int argc, char *argv[]) {
 u_char c;
 while((c = getopt_long(argc, argv,
- "c:k:eg:hi:w:r:sg:m:n:p:qd:x:1:2:3:l:vA:B:CD:E:F:G:HI:S:TU:X:W:VZ:",
+ "c:k:eg:hi:w:r:sg:m:n:p:qd:x:1:2:3:l:uvA:B:CD:E:F:G:HI:S:TU:X:W:VZ:",
 long_options, NULL)) != '?') {
 if(c == 255) break;
 setOption(c, optarg);
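Review bot: In `Prefs::loadFromCLI` (src/Prefs.cpp) the result of `getopt_long()` is stored in `u_char c`, so the end-of-options value -1 is recognised only through the narrowed comparison `if(c == 255) break;`. The patch does not introduce this, but it sits on the lines being edited. Declaring `int c;` and testing `if(c == -1) break;` would match what getopt_long returns without relying on truncation. The `int` result of `setOption(c, optarg)` is also discarded in the visible loop, so a rejected option value would not stop parsing unless that is handled outside the hunk. The function body continues past the hunk.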