So I've been having an issue with the receive functionality with the PCap library. I set up an echo server (outside my PC) that just takes a packet and turns it around. So, in my application, I send a packet (that works fine) and I tried receiving the response packet (from the echo server) with pcap_next(). For some reason, it would wait 1 whole second to receive the packet with pcap_next(), even though Wireshark shows the packet being turned around in less than 1ms. Thus, when I send 1000 packets, it takes 1000 seconds to receive all the responses.
I couldn't figure out why it was doing that, so I tried switching to pcap_loop(). Apparently now it's doing something even more strange. I send 1000 packets, and receive 1000 packets, but not in the order I would expect.
I expect this (this is what I see on Wireshark):
Send packet #1
Receive packet #1
Send packet #2
Receive packet #2
etc.
But this is what I really get:
Send packet #1
Send packet #2
etc.
Wait 1 second
Receive packet #1
Receive packet #2
etc.
What's going on here?
The pcap loop callback routine that the libcap library uses each time it captures a packet returns a pointer to a packet that it has captured. I am a little confused as to the time period for which this "packet" memory is allocated. If I am performing calculations or even storage with each packet that pcap captures, will this memory location be overwritten while I am performing my tasks on the current packet location. It seems as though if I take too long in analyzing each packet that the data for the packet becomes corrupted or overwritten with the next packet received or I miss packets all together. Does pcap have any type of packet queuing system or is the programmer responsible for performing a memcpy on the packets returned and queuing them as soon as they are received in the callback? I am assuming under heavy network throughput the problem I am explaining above will only get worse as pcap has greater flow of packets to capture. How is pcap supposed to keep up with the large number of packets? or how am I supposed to keep up with the large number of packets received and still analyze each packet?
I'm new to using Visual Studio. I'm currently using VS .NET 2003 on Vista, and I'm trying to port a program from Linux to Windows.
The program uses the pcap library. I have installed WinPcap 4.0.2 and downloaded the Developer's Pack WpdPack_4_0_2. However, I have no idea what to do with the developer's pack, i.e. what do I do with the pcap.h and other header files/libraries so my program can use the pcap functions.
Also, one of the errors I've gotten was that the file dirent.h cannot
be found. Is there some way to workaround this problem, i.e. some
library that I can download and use so I don't have to change my code? If not, what are the alternatives?
Lastly, I seem to get a lot of syntax errors. The program was able to
compile and run without errors in Linux. One of these errors are
"error C2085: '<function name>': not in formal parameter list." These errors occur in the header file which is in the following format:
#ifndef HEADER_H
#define HEADER_H
/* Bunch of #include and #define statements */
/* Struct declarations */
/* Here's where the errors are */
static void *Function1(int n);
int Function2(ABC *x); //ABC is a self-defined structure declared in
this header file
ABC *Function3(void *a);
static inline void Function4(unsigned char *c, unsigned char *d, int
e);
/* There is also a C2061: syntax error: identifier 'inline' for the
following line */
inline int Function5(ABC *x, unsigned char *f, int g);
#endif
I am trying to implement a network sniffer applicatio in C++ on unix system.
For this application I need to include pcap library files (pcap.h) in my main file. But when I try to compile my main file I am getting a problem that pcap.h file is not found. So, the question is how to include the pcap library files in to my system to avoid the ' header file not found' problem.
Some body Please clear my question in advance.
{edit: I am cross posting this from my primary thread outside...can some one tell me which is the correct place to post queries like this? Here, or my original thread outside? }
Hello everyone,
I am new to the world of Linux Programming.
As part of learning to use the pcap library, I downloaded a basic libpcap program.
The program is a very basic one, just looks at the available network devices and prints some info on them. The error that gcc gives me says "undefined reference". The details are below.
The program goes like this.
/* ldev.c
Martin Casado
Looks for an interface, and lists the network ip
and mask associated with that interface.
*/
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h> /* GIMME a libpcap plz! */
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main(int argc, char **argv)
{
char *dev; /* name of the device to use */
char *net; /* dot notation of the network address */
char *mask;/* dot notation of the network mask */
int ret; /* return code */
char errbuf[PCAP_ERRBUF_SIZE];
bpf_u_int32 netp; /* ip */
bpf_u_int32 maskp;/* subnet mask */
struct in_addr addr;
/* ask pcap to find a valid device for use to sniff on */
dev = pcap_lookupdev(errbuf);
/* error checking */
if(dev == NULL)
{
printf("%s\n",errbuf);
exit(1);
}
/* print out device name */
printf("DEV: %s\n",dev);
/* ask pcap for the network address and mask of the device */
ret = pcap_lookupnet(dev,&netp,&maskp,errbuf);
if(ret == -1)
{
printf("%s\n",errbuf);
exit(1);
}
/* get the network address in a human readable form */
addr.s_addr = netp;
net = inet_ntoa(addr);
if(net == NULL)/* thanks Scott :-P */
{
perror("inet_ntoa");
exit(1);
}
printf("NET: %s\n",net);
/* do the same as above for the device's mask */
addr.s_addr = maskp;
mask = inet_ntoa(addr);
if(mask == NULL)
{
perror("inet_ntoa");
exit(1);
}
printf("MASK: %s\n",mask);
return 0;
}
I saved the file as lcap.c, rather than ldev.c as mentioned by the original author.
On trying to compile with gcc , I get this:
suneil@Family:~/Desktop/code$ gcc -o lcap lcap.c
/tmp/ccGCEcAx.o: In function `main':
lcap.c:(.text+0x2a): undefined reference to `pcap_lookupdev'
lcap.c:(.text+0x82): undefined reference to `pcap_lookupnet'
collect2: ld returned 1 exit status
suneil@Family:~/Desktop/code$
but that error doesn't make sense, because in the pcap.h header file, the two functions are defined: (scroll down a bit, the defn's are highlighted)
#ifndef lib_pcap_h
#define lib_pcap_h
#include <sys/types.h>
#include <sys/time.h>
#include <net/bpf.h>
#include <stdio.h>
#ifdef __cplusplus
extern "C" {
#endif
#define PCAP_VERSION_MAJOR 2
#define PCAP_VERSION_MINOR 4
#define PCAP_ERRBUF_SIZE 256
/*
* Compatibility for systems that have a bpf.h that
* predates the bpf typedefs for 64-bit support.
*/
#if BPF_RELEASE - 0 < 199406
typedef int bpf_int32;
typedef u_int bpf_u_int32;
#endif
typedef struct pcap pcap_t;
typedef struct pcap_dumper pcap_dumper_t;
typedef struct pcap_if pcap_if_t;
typedef struct pcap_addr pcap_addr_t;
/*
* The first record in the file contains saved values for some
* of the flags used in the printout phases of tcpdump.
* Many fields here are 32 bit ints so compilers won't insert unwanted
* padding; these files need to be interchangeable across architectures.
*
* Do not change the layout of this structure, in any way (this includes
* changes that only affect the length of fields in this structure).
*
* Also, do not change the interpretation of any of the members of this
* structure, in any way (this includes using values other than
* LINKTYPE_ values, as defined in "savefile.c", in the "linktype"
* field).
*
*
*/
struct pcap_file_header {
bpf_u_int32 magic;
u_short version_major;
u_short version_minor;
bpf_int32 thiszone; /* gmt to local correction */
bpf_u_int32 sigfigs; /* accuracy of timestamps */
bpf_u_int32 snaplen; /* max length saved portion of each pkt */
bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */
};
/*
* Each packet in the dump file is prepended with this generic header.
* This gets around the problem of different headers for different
* packet interfaces.
*/
struct pcap_pkthdr {
struct timeval ts; /* time stamp */
bpf_u_int32 caplen; /* length of portion present */
bpf_u_int32 len; /* length this packet (off wire) */
};
/*
* As returned by the pcap_stats()
*/
struct pcap_stat {
u_int ps_recv; /* number of packets received */
u_int ps_drop; /* number of packets dropped */
u_int ps_ifdrop; /* drops by interface XXX not yet supported */
};
/*
* Item in a list of interfaces.
*/
struct pcap_if {
struct pcap_if *next;
char *name; /* name to hand to "pcap_open_live()" */
char *description; /* textual description of interface, or NULL */
struct pcap_addr *addresses;
u_int flags; /* PCAP_IF_ interface flags */
};
#define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */
/*
* Representation of an interface address.
*/
struct pcap_addr {
struct pcap_addr *next;
struct sockaddr *addr; /* address */
struct sockaddr *netmask; /* netmask for that address */
struct sockaddr *broadaddr; /* broadcast address for that address */
struct sockaddr *dstaddr; /* P2P destination address for that address */
};
typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
const u_char *);
char *pcap_lookupdev(char *);
int pcap_lookupnet(char *, bpf_u_int32 *, bpf_u_int32 *, char *);
pcap_t *pcap_open_live(char *, int, int, int, char *);
pcap_t *pcap_open_dead(int, int);
pcap_t *pcap_open_offline(const char *, char *);
void pcap_close(pcap_t *);
int pcap_loop(pcap_t *, int, pcap_handler, u_char *);
int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
const u_char*
pcap_next(pcap_t *, struct pcap_pkthdr *);
int pcap_stats(pcap_t *, struct pcap_stat *);
int pcap_setfilter(pcap_t *, struct bpf_program *);
int pcap_getnonblock(pcap_t *, char *);
int pcap_setnonblock(pcap_t *, int, char *);
void pcap_perror(pcap_t *, char *);
char *pcap_strerror(int);
char *pcap_geterr(pcap_t *);
int pcap_compile(pcap_t *, struct bpf_program *, char *, int,
bpf_u_int32);
int pcap_compile_nopcap(int, int, struct bpf_program *,
char *, int, bpf_u_int32);
void pcap_freecode(struct bpf_program *);
int pcap_datalink(pcap_t *);
int pcap_snapshot(pcap_t *);
int pcap_is_swapped(pcap_t *);
int pcap_major_version(pcap_t *);
int pcap_minor_version(pcap_t *);
/* XXX */
FILE *pcap_file(pcap_t *);
int pcap_fileno(pcap_t *);
pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
void pcap_dump_close(pcap_dumper_t *);
void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
int pcap_findalldevs(pcap_if_t **, char *);
void pcap_freealldevs(pcap_if_t *);
/* XXX this guy lives in the bpf tree */
u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
int bpf_validate(struct bpf_insn *f, int len);
char *bpf_image(struct bpf_insn *, int);
void bpf_dump(struct bpf_program *, int);
#ifdef __cplusplus
}
#endif
#endif
Am i doing something wrong in my compile process? Help/Suggestions please on how to get this working.
Thanks,
Nuttycat
EDIT:
Just for info:
About 10 mins before I ran the compile process, I got the libpcap devl lib using apt-get
suneil@Family:/$ sudo apt-get install libpcap-dev
This installed without any errors.
I am trying to set my device to monitor mode, and i know its capable of being in monitor mode as doing a "iwconfig wlan0 mode monitor" works, i run my code and i can capture packets from anywhere.
The problem is that in libpcap it fails to set my device to monitor mode at all(without entering the above-mentioned command line).I can't capture any packets until i manually connect to a access point.
pcap_t *handler = pcap_create("wlan0",errbuff);
if(pcap_set_rfmon(handler,1)==0 )
{
std::cout << "monitor mode enabled" << std::endl;
}
handler=pcap_open_live ("wlan0", 2048,0,512,errbuff);
int status = pcap_activate(handler); //it returns 0 here.
pcap_loop(handler, 10 ,procPacket, NULL );
so is this a code problem, or the pcap library problem?Anybody successfully set their device to monitor mode without using command lines?I am using a Realtek2500/netbeans 6.9 btw.
(Continued, sort of, from here. (http://ubuntuforums.org/showthread.php?t=497906))
I'm trying to use the pcap library to sniff packets on a machine, and I've run into a small problem.
The function pcap_loop() is used to listen for a specified number of packets. However, it has no timeout and will listen indefinitely for that number of packets. I want to impose a restriction on the amount of time that pcap_loop() will wait to receive a packet, because in the situation I'm in I don't know *if* I'll receive a packet, but I do know after how long I can assume that I'll never receive one.
The pcap_dispatch() offers a timeout function, but it's dependent on the system it's running and apparently Feisty doesn't satisfy it. Regardless, it's unreliable and not something I want to depend on should I move it to other computers.
My question isn't pcap-specific, though. I'd like to know if there's a way to execute an infinitely-looping function and forcibly kill it at a certain time. Maybe, would it be possible to start the function in a separate thread, maybe, and then kill the thread, or something like that?
Any suggestions would be appreciated.
I am new to the world of Linux Programming.
As part of learning to use the pcap library, I downloaded a basic libpcap program.
The program is a very basic one, just looks at the available network devices and prints some info on them.
The program goes like this.
/* ldev.c
Martin Casado
Looks for an interface, and lists the network ip
and mask associated with that interface.
*/
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h> /* GIMME a libpcap plz! */
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main(int argc, char **argv)
{
char *dev; /* name of the device to use */
char *net; /* dot notation of the network address */
char *mask;/* dot notation of the network mask */
int ret; /* return code */
char errbuf[PCAP_ERRBUF_SIZE];
bpf_u_int32 netp; /* ip */
bpf_u_int32 maskp;/* subnet mask */
struct in_addr addr;
/* ask pcap to find a valid device for use to sniff on */
dev = pcap_lookupdev(errbuf);
/* error checking */
if(dev == NULL)
{
printf("%s\n",errbuf);
exit(1);
}
/* print out device name */
printf("DEV: %s\n",dev);
/* ask pcap for the network address and mask of the device */
ret = pcap_lookupnet(dev,&netp,&maskp,errbuf);
if(ret == -1)
{
printf("%s\n",errbuf);
exit(1);
}
/* get the network address in a human readable form */
addr.s_addr = netp;
net = inet_ntoa(addr);
if(net == NULL)/* thanks Scott :-P */
{
perror("inet_ntoa");
exit(1);
}
printf("NET: %s\n",net);
/* do the same as above for the device's mask */
addr.s_addr = maskp;
mask = inet_ntoa(addr);
if(mask == NULL)
{
perror("inet_ntoa");
exit(1);
}
printf("MASK: %s\n",mask);
return 0;
}
I saved the file as lcap.c, rather than ldev.c as mentioned by the original author.
On trying to compile with gcc , I get this:
suneil@Family:~/Desktop/code$ gcc -o lcap lcap.c
/tmp/ccGCEcAx.o: In function `main':
lcap.c:(.text+0x2a): undefined reference to `pcap_lookupdev'
lcap.c:(.text+0x82): undefined reference to `pcap_lookupnet'
collect2: ld returned 1 exit status
suneil@Family:~/Desktop/code$
but that error doesn't make sense, because in the pcap.h header file, the two functions are defined: (scroll down a bit, the defn's are highlighted)
#ifndef lib_pcap_h
#define lib_pcap_h
#include <sys/types.h>
#include <sys/time.h>
#include <net/bpf.h>
#include <stdio.h>
#ifdef __cplusplus
extern "C" {
#endif
#define PCAP_VERSION_MAJOR 2
#define PCAP_VERSION_MINOR 4
#define PCAP_ERRBUF_SIZE 256
/*
* Compatibility for systems that have a bpf.h that
* predates the bpf typedefs for 64-bit support.
*/
#if BPF_RELEASE - 0 < 199406
typedef int bpf_int32;
typedef u_int bpf_u_int32;
#endif
typedef struct pcap pcap_t;
typedef struct pcap_dumper pcap_dumper_t;
typedef struct pcap_if pcap_if_t;
typedef struct pcap_addr pcap_addr_t;
/*
* The first record in the file contains saved values for some
* of the flags used in the printout phases of tcpdump.
* Many fields here are 32 bit ints so compilers won't insert unwanted
* padding; these files need to be interchangeable across architectures.
*
* Do not change the layout of this structure, in any way (this includes
* changes that only affect the length of fields in this structure).
*
* Also, do not change the interpretation of any of the members of this
* structure, in any way (this includes using values other than
* LINKTYPE_ values, as defined in "savefile.c", in the "linktype"
* field).
*
*
*/
struct pcap_file_header {
bpf_u_int32 magic;
u_short version_major;
u_short version_minor;
bpf_int32 thiszone; /* gmt to local correction */
bpf_u_int32 sigfigs; /* accuracy of timestamps */
bpf_u_int32 snaplen; /* max length saved portion of each pkt */
bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */
};
/*
* Each packet in the dump file is prepended with this generic header.
* This gets around the problem of different headers for different
* packet interfaces.
*/
struct pcap_pkthdr {
struct timeval ts; /* time stamp */
bpf_u_int32 caplen; /* length of portion present */
bpf_u_int32 len; /* length this packet (off wire) */
};
/*
* As returned by the pcap_stats()
*/
struct pcap_stat {
u_int ps_recv; /* number of packets received */
u_int ps_drop; /* number of packets dropped */
u_int ps_ifdrop; /* drops by interface XXX not yet supported */
};
/*
* Item in a list of interfaces.
*/
struct pcap_if {
struct pcap_if *next;
char *name; /* name to hand to "pcap_open_live()" */
char *description; /* textual description of interface, or NULL */
struct pcap_addr *addresses;
u_int flags; /* PCAP_IF_ interface flags */
};
#define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */
/*
* Representation of an interface address.
*/
struct pcap_addr {
struct pcap_addr *next;
struct sockaddr *addr; /* address */
struct sockaddr *netmask; /* netmask for that address */
struct sockaddr *broadaddr; /* broadcast address for that address */
struct sockaddr *dstaddr; /* P2P destination address for that address */
};
typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
const u_char *);
char *pcap_lookupdev(char *);
int pcap_lookupnet(char *, bpf_u_int32 *, bpf_u_int32 *, char *);
pcap_t *pcap_open_live(char *, int, int, int, char *);
pcap_t *pcap_open_dead(int, int);
pcap_t *pcap_open_offline(const char *, char *);
void pcap_close(pcap_t *);
int pcap_loop(pcap_t *, int, pcap_handler, u_char *);
int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
const u_char*
pcap_next(pcap_t *, struct pcap_pkthdr *);
int pcap_stats(pcap_t *, struct pcap_stat *);
int pcap_setfilter(pcap_t *, struct bpf_program *);
int pcap_getnonblock(pcap_t *, char *);
int pcap_setnonblock(pcap_t *, int, char *);
void pcap_perror(pcap_t *, char *);
char *pcap_strerror(int);
char *pcap_geterr(pcap_t *);
int pcap_compile(pcap_t *, struct bpf_program *, char *, int,
bpf_u_int32);
int pcap_compile_nopcap(int, int, struct bpf_program *,
char *, int, bpf_u_int32);
void pcap_freecode(struct bpf_program *);
int pcap_datalink(pcap_t *);
int pcap_snapshot(pcap_t *);
int pcap_is_swapped(pcap_t *);
int pcap_major_version(pcap_t *);
int pcap_minor_version(pcap_t *);
/* XXX */
FILE *pcap_file(pcap_t *);
int pcap_fileno(pcap_t *);
pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
void pcap_dump_close(pcap_dumper_t *);
void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
int pcap_findalldevs(pcap_if_t **, char *);
void pcap_freealldevs(pcap_if_t *);
/* XXX this guy lives in the bpf tree */
u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
int bpf_validate(struct bpf_insn *f, int len);
char *bpf_image(struct bpf_insn *, int);
void bpf_dump(struct bpf_program *, int);
#ifdef __cplusplus
}
#endif
#endif
Am i doing something wrong in my compile process? Help/Suggestions please on how to get this working.
Thanks,
Nuttycat
EDIT:
Just for info:
About 10 mins before I ran the compile process, I got the libpcap devl lib using apt-get
suneil@Family:/$ sudo apt-get install libpcap-dev
This installed without any errors.
I am cross posting this into the sub forum "Packaging and Compiling Programs" also. Cause I am not sure where this query actually belongs. Can someone give me a head's up on this also?
How do you install PCAP Lib?
I've gone into Synpatic Package Manager and did a search for PCAP Lib and tried installing a couple of different packages, but I'm still having issues with installing my app that has a dependency for PCAP Lib?
When I try and install my app from a terminal session, I get the message:
checking for pcap open live in -lpcap
error: pcap library not found!
i m trying to develop an application to block packets(using c++)(like a firewall).
i have tried pcap library , but it doesnot block packet just captures them.
can anybody please suggest some solution to it !!
Has something changed in the way streams handles sourcing from a udp port in the new version (1.2)?
I'm asking because some code that working a previous version no longer works. Here's the
scenario: I need to read packets from a network interface and bring them into streams.
To do this, I created a stand-alone spade application which reads from a specified interface
(using the pcap library) and sends it out a udp port like this
vstream pcapSchema {
ts:LongList,
len:Integer,
caplen:Integer,
pcaket:ByteList
}
stream PacketStream (schemaFor(pcapSchema))
:= Udop() ["pcapStream"] { device="eth2" }
Nil := Sink(PacketStream) ["cudp://localhost:12345/", binFormat] {}
stream PacketStream (schemaFor(pcapSchema))
:= Source() ["sudp://localhost:12345/", binFormat] {}
Nil := Sink(PacketStream) ["file:///packetStream.csv", csvFormat] {}
I want to drop some kinds of outgoing network packets sent from my computer.
How can I realize this?Is there any library with this function?
I tried pcap library,but it can only capture packets but can't drop them.
Could someone please point me in the right direction / help me with this install script?
I am installing the Dlink / Devolo homeplug devices. Downloaded the driver and config files.
But now I am getting an 'incompatible pointer type' script error
I did following:
./configure
No errors, only wierd thing was:
checking for local pcap library... not found
But I thought it wasn 't something very important.
Then I issued a ' make' command and got following error:
make
making all in tool
make[1]: Entering directory `/home/w/powerline/dLAN-linux-package-v4/tool'
gcc -O2 -Wall -DHAVE_CONFIG_H -DSON_PROCESS_NAME=\"/usr/local/sbin/dlanconfig_son\" -DDLANSOFTWARE_VERSION=\"v4\" -DSNIFFING_CHILD_PROCESS=\"dlanconfig_son\" -M sha256.c md5.c dlanconfig.c dlanconfig_son.c > .depend
gcc -O2 -Wall -DHAVE_CONFIG_H -DSON_PROCESS_NAME=\"/usr/local/sbin/dlanconfig_son\" -DDLANSOFTWARE_VERSION=\"v4\" -DSNIFFING_CHILD_PROCESS=\"dlanconfig_son\" -c -o dlanconfig_son.o dlanconfig_son.c
gcc dlanconfig_son.o -lpcap -o dlanconfig_son
gcc -O2 -Wall -DHAVE_CONFIG_H -DSON_PROCESS_NAME=\"/usr/local/sbin/dlanconfig_son\" -DDLANSOFTWARE_VERSION=\"v4\" -DSNIFFING_CHILD_PROCESS=\"dlanconfig_son\" -c -o dlanconfig.o dlanconfig.c
dlanconfig.c: In function IfOldVersion:
dlanconfig.c:754: warning: pointer targets in passing argument 1 of strstr differ in signedness
gcc -O2 -Wall -DHAVE_CONFIG_H -DSON_PROCESS_NAME=\"/usr/local/sbin/dlanconfig_son\" -DDLANSOFTWARE_VERSION=\"v4\" -DSNIFFING_CHILD_PROCESS=\"dlanconfig_son\" -c -o md5.o md5.c
gcc -O2 -Wall -DHAVE_CONFIG_H -DSON_PROCESS_NAME=\"/usr/local/sbin/dlanconfig_son\" -DDLANSOFTWARE_VERSION=\"v4\" -DSNIFFING_CHILD_PROCESS=\"dlanconfig_son\" -c -o sha256.o sha256.c
gcc dlanconfig.o md5.o sha256.o -o dlanconfig
make[1]: Leaving directory `/home/w/powerline/dLAN-linux-package-v4/tool'
making all in driver
make[1]: Entering directory `/home/w/powerline/dLAN-linux-package-v4/driver'
./kerneldir.sh /lib/modules/2.6.22-14-generic/build
make[2]: Entering directory `/usr/src/linux-headers-2.6.22-14-generic'
CC [M] /home/w/powerline/dLAN-linux-package-v4/driver/devolo_usb.o
/home/w/powerline/dLAN-linux-package-v4/driver/devolo_usb.c:22:26: error: linux/config.h: No such file or directory
/home/w/powerline/dLAN-linux-package-v4/driver/devolo_usb.c: In function devolo_read_bulk_callback:
/home/w/powerline/dLAN-linux-package-v4/driver/devolo_usb.c:153: warning: passing argument 6 of usb_fill_bulk_urb from incompatible pointer type
/home/w/powerline/dLAN-linux-package-v4/driver/devolo_usb.c: In function devolo_start_xmit:
/home/w/powerline/dLAN-linux-package-v4/driver/devolo_usb.c:249: warning: passing argument 6 of usb_fill_bulk_urb from incompatible pointer type
/home/w/powerline/dLAN-linux-package-v4/driver/devolo_usb.c: In function devolo_open:
/home/w/powerline/dLAN-linux-package-v4/driver/devolo_usb.c:358: warning: passing argument 6 of usb_fill_bulk_urb from incompatible pointer type
make[3]: *** [/home/w/powerline/dLAN-linux-package-v4/driver/devolo_usb.o] Error 1
make[2]: *** [_module_/home/w/powerline/dLAN-linux-package-v4/driver] Error 2
make[2]: Leaving directory `/usr/src/linux-headers-2.6.22-14-generic'
make[1]: *** [default] Error 2
make[1]: Leaving directory `/home/w/powerline/dLAN-linux-package-v4/driver'
make: *** [all] Error 2
I think the script is looking for a file (config.h) but cannot find it, correct?
Ok, what to do now?
NOTE:
1. Attached is the install package
2. below is the code of the makefile script, I think the error is around line 34
3. I am running Kubuntu Gutsy
makefile script :
##################################################
SHELL=/bin/bash
CC= gcc
LN_S=ln -s
VERSION=v4
DEFS=-DHAVE_CONFIG_H -DVERSION=$(VERSION)
module_prefix=/lib/modules
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
INSTALL=/usr/bin/install -c
INSTALL_PROGRAM=${INSTALL}
INSTALL_DATA=${INSTALL} -m 644
KERNELDIR=/lib/modules/2.6.22-14-generic/build
MKDIR=mkdir -p
USBDEF=-DUSBMGR=\"uhci\"
DESTDIR=
INSTALLDIR=$(DESTDIR)/lib/modules/2.6.22-14-generic/kernel/drivers/net
INSTALLDIR26=$(DESTDIR)/lib/modules/2.6.22-14-generic/extra
MODVERSION_INCLUDE=
kern26=y
DRIVER=devolo_usb
BOOTPROG=devolo
INSTALLWARNFILE=INSTALL
BOOTDIR=/etc/init.d
obj-m:=$(DRIVER).o
MODFIL=/etc/modprobe.conf
TARGET=$(DRIVER).o
.PHONY: clean distclean install uninstall installdriver installboot uninstallboot
ifeq ("$(kern26)","y")
all: default
CFLAGS +=$(USBDEF)
installdriver:
$(MKDIR) $(INSTALLDIR26) && $(INSTALL_DATA) $(DRIVER).ko $(INSTALLDIR26)
# $(MAKE) -C $(KERNELDIR) SUBDIRS=$(PWD) modules_install
uninstalltarget:
rm -f $(INSTALLDIR26)/$(DRIVER).ko && $(DEPMOD) -a
# $(MAKE) -C $(KERNELDIR) SUBDIRS=$(PWD) modules_uninstall
default:
./kerneldir.sh $(KERNELDIR)
else
CFLAGS= -Wall -Werror -Wstrict-prototypes -Wno-trigraphs -O2 -Wall -I$(KERNELDIR)/include -D__KERNEL__ -fomit-frame-pointer -fno-strict-aliasing -fno-common -pipe -mpreferred-stack-boundary=2 -march=i686 -DMODULE -DKBUILD_BASENAME=devolo_usb $(MODVERSION_INCLUDE) $(USBDEF)
all: $(TARGET)
installdriver: $(TARGET)
$(MKDIR) $(INSTALLDIR) && \
$(INSTALL_DATA) $(TARGET) $(INSTALLDIR)
uninstalltarget:
rm -f $(INSTALLDIR)/$(TARGET)
$(TARGET): $(DRIVER).c $(DRIVER).h
endif
################################################## ####
install: insdriver modulesconf message
uninstall: uninstalltarget uninstallboot
insdriver: installdriver
$(DEPMOD) -a && $(MODPROBE) $(DRIVER)
# alias string in /etc/modules.conf
modulesconf:
@if test -f $(MODFIL); then \
for i in 0 1 2 3 ; do \
STR="alias dlanusb$$i devolo_usb" ;\
grep "$$STR" $(MODFIL) || echo "$$STR" >> $(MODFIL);\
done; \
fi
message:
@echo ; \
echo "In order to have your usb driver running and configured"; \
echo "at boot, you should go into driver directory and type"; \
echo; \
echo " make installboot";\
echo
installboot: $(BOOTPROG)
@./installboot.sh
uninstallboot:
@./installboot.sh uninstall
clean:
rm -f *~ core $(DRIVER).o $(DRIVER).ko $(DRIVER).mod.*
distclean:
rm Makefile
i'm trying to build a usb network driver from source. i did install the build-essential package. her's the error i get from the make file:
help is greatly appreciated.
cheers,
simon
making all in tool
make[1]: Betrete Verzeichnis '/root/dLAN-linux-package-2.0/tool'
make[1]: Für das Ziel »all« ist nichts zu tun.
make[1]: Verlasse Verzeichnis '/root/dLAN-linux-package-2.0/tool'
making all in driver
make[1]: Betrete Verzeichnis '/root/dLAN-linux-package-2.0/driver'
make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/root/dLAN-linux-package-2.0/driver modules
make[2]: Betrete Verzeichnis '/usr/src/linux-headers-2.6.20-16-generic'
CC [M] /root/dLAN-linux-package-2.0/driver/devolo_usb.o
/root/dLAN-linux-package-2.0/driver/devolo_usb.c:22:26: error: linux/config.h: No such file or directory
/root/dLAN-linux-package-2.0/driver/devolo_usb.c: In Funktion »devolo_read_bulk_callback«:
/root/dLAN-linux-package-2.0/driver/devolo_usb.c:153: Warnung: Übergabe des Arguments 6 von »usb_fill_bulk_urb« von inkompatiblem Zeigertyp
/root/dLAN-linux-package-2.0/driver/devolo_usb.c: In Funktion »devolo_tx_timeout«:
/root/dLAN-linux-package-2.0/driver/devolo_usb.c:205: Fehler: »URB_ASYNC_UNLINK« nicht deklariert (erste Benutzung in dieser Funktion)
/root/dLAN-linux-package-2.0/driver/devolo_usb.c:205: Fehler: (Jeder nicht deklarierte Bezeichner wird nur einmal aufgeführt
/root/dLAN-linux-package-2.0/driver/devolo_usb.c:205: Fehler: für jede Funktion in der er auftritt.)
/root/dLAN-linux-package-2.0/driver/devolo_usb.c: In Funktion »devolo_start_xmit«:
/root/dLAN-linux-package-2.0/driver/devolo_usb.c:249: Warnung: Übergabe des Arguments 6 von »usb_fill_bulk_urb« von inkompatiblem Zeigertyp
/root/dLAN-linux-package-2.0/driver/devolo_usb.c: In Funktion »devolo_open«:
/root/dLAN-linux-package-2.0/driver/devolo_usb.c:358: Warnung: Übergabe des Arguments 6 von »usb_fill_bulk_urb« von inkompatiblem Zeigertyp
make[3]: *** [/root/dLAN-linux-package-2.0/driver/devolo_usb.o] Fehler 1
make[2]: *** [_module_/root/dLAN-linux-package-2.0/driver] Fehler 2
make[2]: Verlasse Verzeichnis '/usr/src/linux-headers-2.6.20-16-generic'
make[1]: *** [default] Fehler 2
make[1]: Verlasse Verzeichnis '/root/dLAN-linux-package-2.0/driver'
make: *** [all] Fehler 2
her's the configure.log:
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by dlantool configure 2.0, which was
generated by GNU Autoconf 2.57. Invocation command line was
$ ./configure
## --------- ##
## Platform. ##
## --------- ##
hostname = schloss
uname -m = i686
uname -r = 2.6.20-16-generic
uname -s = Linux
uname -v = #2 SMP Thu Jun 7 20:19:32 UTC 2007
/usr/bin/uname -p = unknown
/bin/uname -X = unknown
/bin/arch = i686
/usr/bin/arch -k = unknown
/usr/convex/getsysinfo = unknown
hostinfo = unknown
/bin/machine = unknown
/usr/bin/oslevel = unknown
/bin/universe = unknown
PATH: /usr/local/sbin
PATH: /usr/local/bin
PATH: /usr/sbin
PATH: /usr/bin
PATH: /sbin
PATH: /bin
PATH: /usr/bin/X11
## ----------- ##
## Core tests. ##
## ----------- ##
configure:1396: checking for gcc
configure:1412: found /usr/bin/gcc
configure:1422: result: gcc
configure:1666: checking for C compiler version
configure:1669: gcc --version </dev/null >&5
gcc (GCC) 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
configure:1672: $? = 0
configure:1674: gcc -v </dev/null >&5
Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --program-suffix=-4.1 --enable-__cxa_atexit --enable-clocale=gnu --enable-libstdcxx-debug --enable-mpfr --enable-checking=release i486-linux-gnu
Thread model: posix
gcc version 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
configure:1677: $? = 0
configure:1679: gcc -V </dev/null >&5
gcc: '-V' option must have argument
configure:1682: $? = 1
configure:1706: checking for C compiler default output
configure:1709: gcc -O conftest.c >&5
configure:1712: $? = 0
configure:1758: result: a.out
configure:1763: checking whether the C compiler works
configure:1769: ./a.out
configure:1772: $? = 0
configure:1789: result: yes
configure:1796: checking whether we are cross compiling
configure:1798: result: no
configure:1801: checking for suffix of executables
configure:1803: gcc -o conftest -O conftest.c >&5
configure:1806: $? = 0
configure:1831: result:
configure:1837: checking for suffix of object files
configure:1859: gcc -c -O conftest.c >&5
configure:1862: $? = 0
configure:1884: result: o
configure:1888: checking whether we are using the GNU C compiler
configure:1913: gcc -c -O conftest.c >&5
configure:1916: $? = 0
configure:1919: test -s conftest.o
configure:1922: $? = 0
configure:1935: result: yes
configure:1941: checking whether gcc accepts -g
configure:1963: gcc -c -g conftest.c >&5
configure:1966: $? = 0
configure:1969: test -s conftest.o
configure:1972: $? = 0
configure:1983: result: yes
configure:2000: checking for gcc option to accept ANSI C
configure:2061: gcc -c -O conftest.c >&5
configure:2064: $? = 0
configure:2067: test -s conftest.o
configure:2070: $? = 0
configure:2088: result: none needed
configure:2106: gcc -c -O conftest.c >&5
conftest.c:2: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'me'
configure:2109: $? = 1
configure: failed program was:
| #ifndef __cplusplus
| choke me
| #endif
configure:2223: checking gcc version
configure:2235: result: 4
configure:2430: checking maximum warning verbosity option
configure:2451: result: -Wall for C
configure:2494: checking for a BSD-compatible install
configure:2548: result: /usr/bin/install -c
configure:2559: checking whether ln -s works
configure:2563: result: yes
configure:2587: checking for modprobe
configure:2606: found /sbin/modprobe
configure:2618: result: /sbin/modprobe
configure:2632: checking for module_prefix
configure:2636: result: /lib/modules
configure:2645: checking for depmod
configure:2664: found /sbin/depmod
configure:2676: result: /sbin/depmod
configure:2862: checking what kind of binaries we shall create
configure:2876: result: dynamically linked
configure:2887: checking for library containing gethostbyname
configure:2918: gcc -o conftest -O2 -Wall conftest.c >&5
configure:2921: $? = 0
configure:2924: test -s conftest
configure:2927: $? = 0
configure:2986: result: none required
configure:3056: checking for library containing socket
configure:3087: gcc -o conftest -O2 -Wall conftest.c >&5
configure:3090: $? = 0
configure:3093: test -s conftest
configure:3096: $? = 0
configure:3155: result: none required
configure:3222: checking for library containing putmsg
configure:3253: gcc -o conftest -O2 -Wall conftest.c >&5
configure:3256: $? = 0
configure:3259: test -s conftest
configure:3262: $? = 0
configure:3321: result: none required
configure:3423: checking for local pcap library
configure:3442: result: not found
configure:3444: checking for main in -lpcap
configure:3469: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:3472: $? = 0
configure:3475: test -s conftest
configure:3478: $? = 0
configure:3490: result: yes
configure:3543: checking how to run the C preprocessor
configure:3579: gcc -E conftest.c
configure:3585: $? = 0
configure:3617: gcc -E conftest.c
configure:3616:28: error: ac_nonexistent.h: No such file or directory
configure:3623: $? = 1
configure: failed program was:
| #line 3608 "configure"
| /* confdefs.h. */
|
| #define PACKAGE_NAME "dlantool"
| #define PACKAGE_TARNAME "dlantool"
| #define PACKAGE_VERSION "2.0"
| #define PACKAGE_STRING "dlantool 2.0"
| #define PACKAGE_BUGREPORT ""
| /* end confdefs.h. */
| #include <ac_nonexistent.h>
configure:3661: result: gcc -E
configure:3686: gcc -E conftest.c
configure:3692: $? = 0
configure:3724: gcc -E conftest.c
configure:3723:28: error: ac_nonexistent.h: No such file or directory
configure:3730: $? = 1
configure: failed program was:
| #line 3715 "configure"
| /* confdefs.h. */
|
| #define PACKAGE_NAME "dlantool"
| #define PACKAGE_TARNAME "dlantool"
| #define PACKAGE_VERSION "2.0"
| #define PACKAGE_STRING "dlantool 2.0"
| #define PACKAGE_BUGREPORT ""
| /* end confdefs.h. */
| #include <ac_nonexistent.h>
configure:3773: checking for egrep
configure:3783: result: grep -E
configure:3788: checking for ANSI C header files
configure:3814: gcc -c -O2 -Wall conftest.c >&5
configure:3817: $? = 0
configure:3820: test -s conftest.o
configure:3823: $? = 0
configure:3915: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure: In function 'main':
configure:3908: warning: implicit declaration of function 'exit'
configure:3908: warning: incompatible implicit declaration of built-in function 'exit'
configure:3918: $? = 0
configure:3920: ./conftest
configure:3923: $? = 0
configure:3938: result: yes
configure:3962: checking for sys/types.h
configure:3979: gcc -c -O2 -Wall conftest.c >&5
configure:3982: $? = 0
configure:3985: test -s conftest.o
configure:3988: $? = 0
configure:3999: result: yes
configure:3962: checking for sys/stat.h
configure:3979: gcc -c -O2 -Wall conftest.c >&5
configure:3982: $? = 0
configure:3985: test -s conftest.o
configure:3988: $? = 0
configure:3999: result: yes
configure:3962: checking for stdlib.h
configure:3979: gcc -c -O2 -Wall conftest.c >&5
configure:3982: $? = 0
configure:3985: test -s conftest.o
configure:3988: $? = 0
configure:3999: result: yes
configure:3962: checking for string.h
configure:3979: gcc -c -O2 -Wall conftest.c >&5
configure:3982: $? = 0
configure:3985: test -s conftest.o
configure:3988: $? = 0
configure:3999: result: yes
configure:3962: checking for memory.h
configure:3979: gcc -c -O2 -Wall conftest.c >&5
configure:3982: $? = 0
configure:3985: test -s conftest.o
configure:3988: $? = 0
configure:3999: result: yes
configure:3962: checking for strings.h
configure:3979: gcc -c -O2 -Wall conftest.c >&5
configure:3982: $? = 0
configure:3985: test -s conftest.o
configure:3988: $? = 0
configure:3999: result: yes
configure:3962: checking for inttypes.h
configure:3979: gcc -c -O2 -Wall conftest.c >&5
configure:3982: $? = 0
configure:3985: test -s conftest.o
configure:3988: $? = 0
configure:3999: result: yes
configure:3962: checking for stdint.h
configure:3979: gcc -c -O2 -Wall conftest.c >&5
configure:3982: $? = 0
configure:3985: test -s conftest.o
configure:3988: $? = 0
configure:3999: result: yes
configure:3962: checking for unistd.h
configure:3979: gcc -c -O2 -Wall conftest.c >&5
configure:3982: $? = 0
configure:3985: test -s conftest.o
configure:3988: $? = 0
configure:3999: result: yes
configure:4034: checking arpa/inet.h usability
configure:4047: gcc -c -O2 -Wall conftest.c >&5
configure:4050: $? = 0
configure:4053: test -s conftest.o
configure:4056: $? = 0
configure:4066: result: yes
configure:4070: checking arpa/inet.h presence
configure:4081: gcc -E conftest.c
configure:4087: $? = 0
configure:4106: result: yes
configure:4142: checking for arpa/inet.h
configure:4149: result: yes
configure:4034: checking fcntl.h usability
configure:4047: gcc -c -O2 -Wall conftest.c >&5
configure:4050: $? = 0
configure:4053: test -s conftest.o
configure:4056: $? = 0
configure:4066: result: yes
configure:4070: checking fcntl.h presence
configure:4081: gcc -E conftest.c
configure:4087: $? = 0
configure:4106: result: yes
configure:4142: checking for fcntl.h
configure:4149: result: yes
configure:4025: checking for memory.h
configure:4030: result: yes
configure:4034: checking netinet/in.h usability
configure:4047: gcc -c -O2 -Wall conftest.c >&5
configure:4050: $? = 0
configure:4053: test -s conftest.o
configure:4056: $? = 0
configure:4066: result: yes
configure:4070: checking netinet/in.h presence
configure:4081: gcc -E conftest.c
configure:4087: $? = 0
configure:4106: result: yes
configure:4142: checking for netinet/in.h
configure:4149: result: yes
configure:4025: checking for stdlib.h
configure:4030: result: yes
configure:4025: checking for string.h
configure:4030: result: yes
configure:4034: checking sys/ioctl.h usability
configure:4047: gcc -c -O2 -Wall conftest.c >&5
configure:4050: $? = 0
configure:4053: test -s conftest.o
configure:4056: $? = 0
configure:4066: result: yes
configure:4070: checking sys/ioctl.h presence
configure:4081: gcc -E conftest.c
configure:4087: $? = 0
configure:4106: result: yes
configure:4142: checking for sys/ioctl.h
configure:4149: result: yes
configure:4034: checking sys/socket.h usability
configure:4047: gcc -c -O2 -Wall conftest.c >&5
configure:4050: $? = 0
configure:4053: test -s conftest.o
configure:4056: $? = 0
configure:4066: result: yes
configure:4070: checking sys/socket.h presence
configure:4081: gcc -E conftest.c
configure:4087: $? = 0
configure:4106: result: yes
configure:4142: checking for sys/socket.h
configure:4149: result: yes
configure:4034: checking sys/time.h usability
configure:4047: gcc -c -O2 -Wall conftest.c >&5
configure:4050: $? = 0
configure:4053: test -s conftest.o
configure:4056: $? = 0
configure:4066: result: yes
configure:4070: checking sys/time.h presence
configure:4081: gcc -E conftest.c
configure:4087: $? = 0
configure:4106: result: yes
configure:4142: checking for sys/time.h
configure:4149: result: yes
configure:4025: checking for unistd.h
configure:4030: result: yes
configure:4166: checking for inline
configure:4188: gcc -c -O2 -Wall conftest.c >&5
configure:4191: $? = 0
configure:4194: test -s conftest.o
configure:4197: $? = 0
configure:4209: result: inline
configure:4224: checking for pid_t
configure:4249: gcc -c -O2 -Wall conftest.c >&5
configure:4252: $? = 0
configure:4255: test -s conftest.o
configure:4258: $? = 0
configure:4269: result: yes
configure:4281: checking for size_t
configure:4306: gcc -c -O2 -Wall conftest.c >&5
configure:4309: $? = 0
configure:4312: test -s conftest.o
configure:4315: $? = 0
configure:4326: result: yes
configure:4338: checking whether time.h and sys/time.h may both be included
configure:4364: gcc -c -O2 -Wall conftest.c >&5
configure:4367: $? = 0
configure:4370: test -s conftest.o
configure:4373: $? = 0
configure:4384: result: yes
configure:4402: checking whether gcc needs -traditional
configure:4446: result: no
configure:4458: checking for stdlib.h
configure:4463: result: yes
configure:4595: checking for GNU libc compatible malloc
configure:4625: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:4628: $? = 0
configure:4630: ./conftest
configure:4633: $? = 0
configure:4647: result: yes
configure:4681: checking for system
configure:4731: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:4734: $? = 0
configure:4737: test -s conftest
configure:4740: $? = 0
configure:4751: result: yes
configure:4681: checking for dup2
configure:4731: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:4734: $? = 0
configure:4737: test -s conftest
configure:4740: $? = 0
configure:4751: result: yes
configure:4681: checking for memset
configure:4731: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:4735: warning: conflicting types for built-in function 'memset'
configure:4734: $? = 0
configure:4737: test -s conftest
configure:4740: $? = 0
configure:4751: result: yes
configure:4681: checking for select
configure:4731: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:4734: $? = 0
configure:4737: test -s conftest
configure:4740: $? = 0
configure:4751: result: yes
configure:4681: checking for socket
configure:4731: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:4734: $? = 0
configure:4737: test -s conftest
configure:4740: $? = 0
configure:4751: result: yes
configure:4681: checking for strerror
configure:4731: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:4734: $? = 0
configure:4737: test -s conftest
configure:4740: $? = 0
configure:4751: result: yes
configure:4681: checking for vfork
configure:4731: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:4734: $? = 0
configure:4737: test -s conftest
configure:4740: $? = 0
configure:4751: result: yes
configure:4681: checking for fork
configure:4731: gcc -o conftest -O2 -Wall conftest.c -lpcap >&5
configure:4740: warning: conflicting types for built-in function 'fork'
configure:4734: $? = 0
configure:4737: test -s conftest
configure:4740: $? = 0
configure:4751: result: yes
configure:4863: creating ./config.status
## ---------------------- ##
## Running config.status. ##
## ---------------------- ##
This file was extended by dlantool config.status 2.0, which was
generated by GNU Autoconf 2.57. Invocation command line was
CONFIG_FILES =
CONFIG_HEADERS =
CONFIG_LINKS =
CONFIG_COMMANDS =
$ ./config.status
on schloss
config.status:642: creating Makefile
config.status:642: creating tool/Makefile
config.status:642: creating driver/Makefile
config.status:746: creating tool/config.h
## ---------------- ##
## Cache variables. ##
## ---------------- ##
ac_cv_c_compiler_gnu=yes
ac_cv_c_inline=inline
ac_cv_env_CC_set=
ac_cv_env_CC_value=
ac_cv_env_CFLAGS_set=
ac_cv_env_CFLAGS_value=
ac_cv_env_CPPFLAGS_set=
ac_cv_env_CPPFLAGS_value=
ac_cv_env_CPP_set=
ac_cv_env_CPP_value=
ac_cv_env_LDFLAGS_set=
ac_cv_env_LDFLAGS_value=
ac_cv_env_build_alias_set=
ac_cv_env_build_alias_value=
ac_cv_env_host_alias_set=
ac_cv_env_host_alias_value=
ac_cv_env_target_alias_set=
ac_cv_env_target_alias_value=
ac_cv_exeext=
ac_cv_func_dup2=yes
ac_cv_func_fork=yes
ac_cv_func_malloc_0_nonnull=yes
ac_cv_func_memset=yes
ac_cv_func_select=yes
ac_cv_func_socket=yes
ac_cv_func_strerror=yes
ac_cv_func_system=yes
ac_cv_func_vfork=yes
ac_cv_header_arpa_inet_h=yes
ac_cv_header_fcntl_h=yes
ac_cv_header_inttypes_h=yes
ac_cv_header_memory_h=yes
ac_cv_header_netinet_in_h=yes
ac_cv_header_stdc=yes
ac_cv_header_stdint_h=yes
ac_cv_header_stdlib_h=yes
ac_cv_header_string_h=yes
ac_cv_header_strings_h=yes
ac_cv_header_sys_ioctl_h=yes
ac_cv_header_sys_socket_h=yes
ac_cv_header_sys_stat_h=yes
ac_cv_header_sys_time_h=yes
ac_cv_header_sys_types_h=yes
ac_cv_header_time=yes
ac_cv_header_unistd_h=yes
ac_cv_lbl_gcc_vers=4
ac_cv_lib_pcap_main=yes
ac_cv_objext=o
ac_cv_path_DEPMOD=/sbin/depmod
ac_cv_path_MODPROBE=/sbin/modprobe
ac_cv_path_install='/usr/bin/install -c'
ac_cv_prog_CPP='gcc -E'
ac_cv_prog_ac_ct_CC=gcc
ac_cv_prog_cc_g=yes
ac_cv_prog_cc_stdc=
ac_cv_prog_egrep='grep -E'
ac_cv_prog_gcc_traditional=no
ac_cv_search_gethostbyname='none required'
ac_cv_search_putmsg='none required'
ac_cv_search_socket='none required'
ac_cv_type_pid_t=yes
ac_cv_type_size_t=yes
## ----------------- ##
## Output variables. ##
## ----------------- ##
ARCH='i686'
CC='gcc'
CFLAGS='-O2 -Wall'
CPP='gcc -E'
CPPFLAGS=''
DEFS='-DHAVE_CONFIG_H'
DEPMOD='/sbin/depmod'
DLANCONFIGVERSION='2.0'
DRIVERVERSION='2.0'
DRV_DIR='/home/prinzessin/Desktop/dLAN-linux-package-2.0/driver'
DVRDIR='driver'
ECHO_C=''
ECHO_N='-n'
ECHO_T=''
EGREP='grep -E'
EXEEXT=''
INSTALLDRVDIR26='/lib/modules/2.6.20-16-generic/extra'
INSTALLDRVDIR='/lib/modules/2.6.20-16-generic/kernel/drivers/net'
INSTALL_DATA='${INSTALL} -m 644'
INSTALL_PROGRAM='${INSTALL}'
INSTALL_SCRIPT='${INSTALL}'
IS26='y'
KERNELDIR='/lib/modules/2.6.20-16-generic/build'
KVERSION='2.6.20-16-generic'
LDFLAGS=''
LIBOBJS=''
LIBS='-lpcap '
LN_S='ln -s'
LTLIBOBJS=''
MANTYP='8'
MKINSTALLDIR='mkdir -p'
MODFIL='/etc/modprobe.conf'
MODPROBE='/sbin/modprobe'
MODV=''
MODVERSION_INCLUDE=''
OBJEXT='o'
PACKAGE_BUGREPORT=''
PACKAGE_NAME='dlantool'
PACKAGE_STRING='dlantool 2.0'
PACKAGE_TARNAME='dlantool'
PACKAGE_VERSION='2.0'
PATH_SEPARATOR=':'
SHELL='/bin/bash'
SHLICC2=''
SUBDIRS='tool driver'
TOOLDIR='tool'
USBDEF='-DUSBMGR=\"uhci\"'
V_INCLS=''
V_PCAPDEP=''
ac_ct_CC='gcc'
bindir='${exec_prefix}/bin'
build_alias=''
datadir='${prefix}/share'
exec_prefix='${prefix}'
host_alias=''
includedir='${prefix}/include'
infodir='${prefix}/info'
libdir='${exec_prefix}/lib'
libexecdir='${exec_prefix}/libexec'
localstatedir='${prefix}/var'
mandir='${prefix}/man'
module_prefix='/lib/modules'
oldincludedir='/usr/include'
prefix='/usr/local'
program_transform_name='s,x,x,'
sbindir='${exec_prefix}/sbin'
sharedstatedir='${prefix}/com'
sysconfdir='${prefix}/etc'
target_alias=''
## ----------- ##
## confdefs.h. ##
## ----------- ##
#define HAVE_ARPA_INET_H 1
#define HAVE_DUP2 1
#define HAVE_FCNTL_H 1
#define HAVE_FORK 1
#define HAVE_INTTYPES_H 1
#define HAVE_MALLOC 1
#define HAVE_MEMORY_H 1
#define HAVE_MEMORY_H 1
#define HAVE_MEMSET 1
#define HAVE_NETINET_IN_H 1
#define HAVE_SELECT 1
#define HAVE_SOCKET 1
#define HAVE_STDINT_H 1
#define HAVE_STDLIB_H 1
#define HAVE_STDLIB_H 1
#define HAVE_STDLIB_H 1
#define HAVE_STRERROR 1
#define HAVE_STRINGS_H 1
#define HAVE_STRING_H 1
#define HAVE_STRING_H 1
#define HAVE_SYSTEM 1
#define HAVE_SYS_IOCTL_H 1
#define HAVE_SYS_SOCKET_H 1
#define HAVE_SYS_STAT_H 1
#define HAVE_SYS_TIME_H 1
#define HAVE_SYS_TYPES_H 1
#define HAVE_UNISTD_H 1
#define HAVE_UNISTD_H 1
#define HAVE_VFORK 1
#define PACKAGE_BUGREPORT ""
#define PACKAGE_NAME "dlantool"
#define PACKAGE_STRING "dlantool 2.0"
#define PACKAGE_TARNAME "dlantool"
#define PACKAGE_VERSION "2.0"
#define STDC_HEADERS 1
#define TIME_WITH_SYS_TIME 1
configure: exit 0
Announcements
- FWKNOP version 1.9.7 released 8-25-2008. Changes here as follows: http://trac.cipherdyne.org/trac/fwknop/browser/fwknop/tags/fwknop-1.9.7/ChangeLog
- FWKNOP version 1.9.6 released 7-19-2008. Changes/New Features will be updated once Change List is available. http://trac.cipherdyne.org/trac/fwknop/browser/fwknop/tags/fwknop-1.9.6/ChangeLog
- FWKNOP version 1.9.5 (server and client versions) released 6-8-2008. Minimal increased functionality with this release. Updates various perl libraries. Changes documented here: http://trac.cipherdyne.org/trac/fwknop/browser/fwknop/tags/fwknop-1.9.5/ChangeLog
Source code: http://www.cipherdyne.org/fwknop/download/fwknop-1.9.5.tar.gz
- FWKNOP version 1.9.4 (server and client versions) released 6-1-2008. Two randomization port techniques were added for the outgoing client SPA request to allow for use of a random UPD port. Additional details on use of these advanced techniques found: http://trac.cipherdyne.org/trac/fwknop/browser/fwknop/tags/fwknop-1.9.4/ChangeLog
Tested Platforms
Server Installations
Ubuntu, Arch
Client Installations
Ubuntu, Arch, Cygwin (Windows)
I. Overview of Port Knocking
Port knocking is a means of host-host communication which information flows through closed ports. Notice this remarkably differs from most other form of communications in which a listening daemon is connected to an open port, which is accessible to the outside world. With a Port Knocker daemon, since communication takes places through closed ports, the listening Port Knocker daemon is undetectable to exploitative port scanner utilities.
Although the exact implementation of each port knocking process differs between programs, the port knocking process may be thought of in general terms as:
1. A client sends a Port Knocking packet or "combination code -- such as a combination code used to unlock a padlock" to the listening daemon. In many cases this "combination code" can be encrypted using a symmetric cipher, or can be encrypted utilizing asymmetric techniques such as those employed in GnuPG with the use of symmetric ciphers and hashes.
2. A monitoring daemon on the server detects the Port Knocking packet or "combination code".
3. Based on the Port Knocking implementation the Port Knocking "combination code" unlocks a process on the server. In many cases the "combination code" acts to directly modify the servers firewall to open up a listening port on the server -- such as enabling port 22 providing for further communication through the OpenSSH protocol. In other cases an executable program is directly run on the monitoring server.
4. In all cases, there is no delivery confirmation of the received packet from the monitoring daemon back to the client. Communication is performed stealthly.
The complexity of the Port Knocking sequence or "lock combination" can vary widely. It could be as simple as a three-number unencrypted combination such as TCP port 1000, TCP port 2000, UPD port 3000. In other applications, the combination could be encrypted and contain confirmation hashes, time-based limits to when the knock sequence expires, specific IP address limitations, or specific executable commands or code that would be run on the server upon delivery of the packet. Also how the listening daemon actually detects the "knock sequence" -- whether through monitoring of the firewall logs, or through use of a packet capture utility such as PCAP (http://en.wikipedia.org/wiki/Pcap), varies among the actual Port Knocking implementation.
Historically Port Knocking processes have been maliciously implemented in rootkits and trojans horses, and have been involved in mass-scale DNS attacks. Based on the history of port-knocking, the wide use of Port Knocker utilities is a matter of controversy among security experts.
There are two however well known publicized benefits of Port Knocking utilities when utilized in combination of firewall IP table modification. They ideally would protect provide and additional layer of security for other listening processes (such as the OpenSSH server) from zero-day and unpatched code vulnerabilities. This is particularly applicable given the recent discovery ( 5-13-2008 ) of the OpenSSH exploit contained in Debian/Ubuntu distributions. Although this exploit has now been corrected, as a result of incorrect modification of the OpenSSH psuedo-random number generator algorithm, Debian/Ubuntu systems were vulnerable for well over 1 year. If a port knocker utility would have been in place protecting the OpenSSH server process, it is likely that exploitation of this vulnerability would have been minimized.
References:
Port Knocking Background
http://www.portknocking.org/
http://en.wikipedia.org/wiki/Port_knocking
Debian/Ubuntu OpenSSH vulnerabilty:
Please note all default Ubuntu Feisty,Gutsy,Hardy and Intrepid installations are considered to be at risk
http://lists.debian.org/debian-security-announce/2008/msg00152.html
http://www.ubuntu.com/usn/usn-612-1
http://ubuntuforums.org/showthread.php?t=793517
Other References:
Pcap - http://en.wikipedia.org/wiki/Pcap
Controversy with Use of Port Knockers as Discussed on Ubuntu Forums: http://ph.ubuntuforums.com/showthread.php?t=758666
II. Installation of the FWKNOP Port Knocking Application
FWKNOP Port Knocking Implementation
FWKNOP (FireWall KNock OPerator) - a specific port knocking application that implements Single Packet Authorization and allows for encrypted packet communication. (http://www.cipherdyne.org/fwknop/). There are other Port Knocking implementations (http://www.portknocking.org/view/implementations), however many are proof-of-concept designs, or are not being actively maintained. FWKNOP is under current active development. Michael Rash -- the author of the implementation -- has published several papers and books on the subject of Port Knocking and use of Linux Firewalls. In addition he is very responsive to user questions and concerns in regards to the FWKNOP implementation. In addition the FWKNOP daemon can be installed on Linux/BSD (Mac OS X) platforms, and clients are available for Linux, BSD (Mac), and Windows(through cygwin or utilizing a native GUI client).
Installation of FWKNOP Daemon (Server) on Ubuntu
Install Dependencies
sudo aptitude install build-essential linux-headers-$(uname -r) libpcap-dev nmap
Install Additional Perl Dependencies for FWKNOP ***Note: cpan method fails for Net::PCAP installation
cd ~
mkdir Source
cd Source
mkdir fwknop
cd fwknop
wget http://search.cpan.org/CPAN/authors/id/S/SA/SAPER/Net-Pcap-0.16.tar.gz
tar zxvf Net-Pcap-0.16.tar.gz
cd Net-Pcap-0.16.tar.gz
perl ./Makefile.PL
make
sudo make install
Download and install FWKNOP
cd ~
cd Source/fwknop
wget http://www.cipherdyne.org/fwknop/download/fwknop-1.9.3.tar.bz2
tar -jxvf fwknop-1.9.3.tar.bz2
cd fwknop-1.9.3
sudo ./install.pl (Please answer questions with install script using pcap library)
For users using versions <= 1.9.3 (Fixes run-level bug at startup)
sudo update-rc.d -f fwknop remove
sudo update-rc.d fwknop defaults 99
Verifying the Installation Process
(This is where it gets down and dirty!!)
Included in the FWKNOP sources is a test installation script to verify the FWKNOP installation and server capabilities.
By default, this process assumes there is a mail server executable located at /bin/mail. By default the fwknop server is designed to mail the server administrator notification everytime the fwknop process executes.
The test installation script produces many errors if an executable mail transfer agent (MTA) does not exist at /bin/mail.
--If you have a MTA (mail transfer agent) and would like to utilize this notification feature, I would recommend creating a symbolic link from /bin/mail to your preferred mailing program. This would be performed with the following code:
sudo ln -s <actual MTA/executable> /bin/mail
--If you do not have a MTA (mail transfer agent) and/or do not want to implement this notification feature, create a temporary link (this will be removed later) to allow the test program to complete
sudo ln -s /bin/echo /bin/mail
Now attempt to run the FWKNOP installation test to verify server integrity:
cd ~/Source/fwknop/fwknop-1.9.3/test
sudo perl fwknop_test.pl
Result of my test script appeared as the following:
$ sudo ~/Source/fwknop/fwknop-1.9.3/test/fwknop_test.pl
[+] ==> Running fwknop test suite; firewall: iptables <==
(Setup) perl program compilation....................................pas s (0)
(Setup) C program compilation....................................... pass (1)
(Setup) Command line argument processing............................pass (2)
(Setup) List iptables rules.........................................pass (3)
(Setup) System information and fwknop installation specifics........pass (4)
(Setup) Stopping any running fwknopd processes......................pass (5)
(Setup) Flushing all fwknopd iptables rules.........................pass (6)
(Setup) Deleting all fwknopd iptables chains........................pass (7)
(Basic communications) Generating SPA access packet.................pass (8)
(Basic communications) Sniffing SPA access packet...................pass (9)
(Basic communications) Verifying SPA access packet format...........pass (10)
(Basic communications) Firewall access rules exist..................pass (11)
(Sleeping for 5 (+3) seconds for firewall rule timeout)
8 7 6 5 4 3 2 1 0
(Basic communications) Firewall access rules removed................pass (12)
(Basic communications) Stopping all running fwknopd processes.......pass (13)
(Replay attacks, broken data) Rijndael key validity.................pass (14)
(Replay attacks, broken data) Replay detection - all digests........pass (15)
(Replay attacks, broken data) Replay detection - SHA256.............pass (16)
(Replay attacks, broken data) Replay detection - SHA1...............pass (17)
(Replay attacks, broken data) Replay detection - MD5................pass (18)
(Replay attacks, broken data) 100 random packets....................pass (19)
(Replay attacks, broken data) Truncated SPA packet..................pass (20)
(Replay attacks, broken data) Sniffing truncated SPA packet.........pass (21)
(Replay attacks, broken data) Firewall rules do not exist...........pass (22)
(Replay attacks, broken data) SPA packet with bogus key.............pass (23)
(Replay attacks, broken data) Sniffing broken SPA packet............pass (24)
(Replay attacks, broken data) Firewall rules do not exist...........pass (25)
(Internal digest alg mis-match) Generating SPA packet...............pass (26)
(Internal digest alg mis-match) Sniffing SPA packet.................pass (27)
(Internal digest alg mis-match) Verifying SPA packet format.........pass (28)
(Internal digest alg mis-match) Firewall access rules exist.........pass (29)
(Sleeping for 5 (+3) seconds for firewall rule timeout)
8 7 6 5 4 3 2 1 0
(Internal digest alg mis-match) Firewall access rules removed.......pass (30)
(Internal digest alg mis-match) Stopping all fwknopd processes......pass (31)
(Client timeout) Generating SPA access packet.......................pass (32)
(Client timeout) Sniffing SPA access packet.........................pass (33)
(Client timeout) Verifying SPA access packet format.................pass (34)
(Client timeout) Firewall access rules exist........................pass (35)
(Sleeping for 10 seconds for firewall rule timeout)
10 9 8 7 6 5 4 3 2 1 0
(Client timeout) Firewall access rules removed......................pass (36)
(Client timeout) Stopping all running fwknopd processes.............pass (37)
(Append data) Data appended to SPA packet...........................pass (38)
(Append data) Sniffing appended SPA packet..........................pass (39)
(Append data) Firewall rules exist..................................pass (40)
(Rijndael Salted__ compatibility) Generating SPA packet.............pass (41)
(Rijndael Salted__ compatibility) Sniffing SPA packet...............pass (42)
(Rijndael Salted__ compatibility) Verifying SPA format..............pass (43)
(Rijndael Salted__ compatibility) Rules exist.......................pass (44)
(Sleeping for 5 (+3) seconds for firewall rule timeout)
8 7 6 5 4 3 2 1 0
(Rijndael Salted__ compatibility) Rules removed.....................pass (45)
(Rijndael Salted__ compatibility) Stopping fwknopd..................pass (46)
(Non-promisc capture) Generating SPA access packet..................pass (47)
(Non-promisc capture) Sniffing SPA access packet....................pass (48)
(Non-promisc capture) Verifying sniffed SPA access packet...........pass (49)
(Non-promisc capture) Firewall access rules exist...................pass (50)
(Sleeping for 5 (+3) seconds for firewall rule timeout)
8 7 6 5 4 3 2 1 0
(Non-promisc capture) Firewall access rules removed.................pass (51)
(Non-promisc capture) Stopping all fwknopd processes................pass (52)
(SPA aging) Generating SPA access packet............................pass (53)
(SPA aging) Expired SPA packet detection............................pass (54)
(SPA aging) Making sure firewall rules do not exist.................pass (55)
(Require SRC) Generating SPA packet with 0.0.0.0 src addr...........pass (56)
(Require SRC) Sniffing packet with 0.0.0.0 src addr.................pass (57)
(Require SRC) Making sure firewall rules do not exist...............pass (58)
(Require user) Generating SPA packet with unauthorized user.........pass (59)
(Require user) Unauthorized user detection..........................pass (60)
(Require user) Making sure firewall rules do not exist..............pass (61)
(Permit ports) Generating unauthorized port access request..........pass (62)
(Permit ports) Unauthorized port access detection...................pass (63)
(Permit ports) Making sure firewall rules do not exist..............pass (64)
(Bogus src) Generating SPA packet from non-matching src.............pass (65)
(Bogus src) Verifying SPA access packet format......................pass (66)
(Bogus src) Non-matching SOURCE block...............................pass (67)
(Bogus src) Making sure firewall rules do not exist.................pass (68)
(Excluded src) Generating SPA packet from non-matching src..........pass (69)
(Excluded src) Verifying SPA access packet format...................pass (70)
(Excluded src) Non-matching SOURCE block............................pass (71)
(Excluded src) Making sure firewall rules do not exist..............pass (72)
(Blacklist src) Generating blacklisted SPA packet...................pass (73)
(Blacklist src) Verifying SPA access packet format..................pass (74)
(Blacklist src) Sniffing SPA packet.................................pass (75)
(Blacklist src) Making sure firewall rules do not exist.............pass (76)
(Multi-SOURCE) Generating SPA access packet.........................pass (77)
(Multi-SOURCE) Sniffing SPA access packet...........................pass (78)
(Multi-SOURCE) Verifying SPA access packet format...................pass (79)
(Multi-SOURCE) Firewall access rules exist..........................pass (80)
(Sleeping for 5 (+3) seconds for firewall rule timeout)
8 7 6 5 4 3 2 1 0
(Multi-SOURCE) Firewall access rules removed........................pass (81)
(Multi-SOURCE) Stopping running fwknopd processes...................pass (82)
(GnuPG) Generating SPA access packet................................pass (83)
(GnuPG) Sniffing SPA access packet to acquire access................pass (84)
(GnuPG) Verifying sniffed SPA access packet format..................pass (85)
(GnuPG) Firewall access rules exist.................................pass (86)
(Sleeping for 5 (+3) seconds for firewall rule timeout)
8 7 6 5 4 3 2 1 0
(GnuPG) Firewall access rules removed...............................pass (87)
(GnuPG) Stopping all running fwknopd processes......................pass (88)
(Command execution) Generating SPA command packet...................pass (89)
(Command execution) Sniffing SPA command packet and executing.......pass (90)
(Command execution) Verifying SPA command packet format.............pass (91)
(Command execution) Making sure firewall rules do not exist.........pass (92)
(Command execution) Non-matching regex command packet...............pass (93)
(Command execution) SPA command packet filtered.....................pass (94)
(Command execution) Making sure firewall rules do not exist.........pass (95)
(FORWARD chain) Stopping all running fwknopd processes..............pass (96)
(FORWARD chain) Generating FORWARD chain access packet..............pass (97)
(FORWARD chain) FORWARD request detection...........................pass (98)
(FORWARD chain) FORWARD and DNAT access rules.......................pass (99)
(FORWARD chain) Verifying SPA FORWARD access packet format..........pass (100)
(Sleeping for 5 (+3) seconds for firewall rule timeout)
8 7 6 5 4 3 2 1 0
(FORWARD chain) Making sure firewall rules are removed..............pass (101)
(FORWARD chain) Generating FORWARD access SPA packet................pass (102)
(FORWARD chain) Verifying SPA FORWARD access packet format..........pass (103)
(FORWARD chain) FORWARD access to restricted IP.....................pass (104)
(FORWARD chain) Firewall rules do not exist.........................pass (105)
(OUTPUT chain) Stopping all running fwknopd processes...............pass (106)
(OUTPUT chain) Generating OUTPUT chain access packet................pass (107)
(OUTPUT chain) OUTPUT access rules..................................pass (108)
(OUTPUT chain) Verifying OUTPUT access packet format................pass (109)
(Sleeping for 5 (+3) seconds for firewall rule timeout)
8 7 6 5 4 3 2 1 0
(OUTPUT chain) Making sure firewall rules are removed...............pass (110)
(Filesystem tcpdump capture) Sniffing over lo.......................pass (111)
(Filesystem tcpdump capture) Stopping fwknopd processes.............pass (112)
(Filesystem tcpdump capture) Generating SPA packet..................pass (113)
(Filesystem tcpdump capture) SPA communications via file............pass (114)
(Filesystem tcpdump capture) Firewall access rules exist............pass (115)
(Sleeping for 5 (+3) seconds for firewall rule timeout)
8 7 6 5 4 3 2 1 0
(Filesystem tcpdump capture) Rules removed..........................pass (116)
Stopping all running fwknopd processes..............................pass (117)
Deleting all fwknopd iptables chains................................pass (118)
Verifying SPA digest file format....................................pass (119)
Collecting fwknop syslog messages...................................pass (120)
[+] ==> Passed 121/121 tests against fwknop. <==
[+] This console output has been stored in: test.log
Please note that it is not necessary to pass all steps. I still had one error at the conclusion of the test process (but still have a functioning server). If you receive any fails to the process above, further information regarding each particular step can be found in:
~/Source/fwknop/fwknop-1.9.3/test/output/std.stdout.<test_number>
cd ~/Source/fwknop/fwknop-1.9.3/test/output/std.stderr.<test_number>
These files are simple text files. I would recommend reading each file and post the particular debugging message in this forum if you are unable to troubleshoot the source of the error yourself.
III. Configuration of the FWKNOP Port Knocking Daemon
There are only two actual configuration files (fwknop.conf, access.conf) for the FWKNOP daemon process. These files are located in /etc/fwknop. Access to this directory can only be done as root. To access these files do the following:
sudo su
cd /etc/fwknop
gksu gedit <filename> (examples: gsku gedit fwknop.conf, gksu gedit access.conf)
exit
Modification of the /etc/fwknop/fwknop.conf file (Optional):
1. Changed ALERTING_METHODS from ALL -> noemail
---Rationale for doing this: I do not have a MTA (mail transfer agent) installed on my machine and would not like to receive email alerts everytime port knocker utility is accessed
2. Changed shCmd from /bin/sh -> /bin/bash
Modification of the /etc/fwknop/access.conf file (Mandatory)
The access.conf file is the heart of the Port Knocking Daemon. Options in this file control who can send packets, what incoming ports to open in the firewall after verification of the port knock, the duration of time to keep the port open for incoming connections, the type of encryption method expected for the port knock (symmetric vs asymmetric), and commands are to be execute on the fwknop daemon server. Example configurations are given in the file.
IV. Putting it All Together -- An Illustrative Example
The following example will demonstrate setup of a FWKNOP daemon server that allows a port knocking sequence to temporarily open the ssh incoming port (port 22) for 30 seconds, to allow an incoming ssh connection. For this first example I will assume the Single Packet Authentication (SPA) Port Knocking Sequence will be encoded using Rijndael encryption.
Requirements for Setup
1. Two separate computers - one acting as the fwknop/ssh client, and the other acting as the fwnkop/ssh daemon server. The client must have a valid ssh account on the server.
2. A running OpenSSH daemon on the server
3. An active Iptables Firewall on the server(which is turned off by default).
4. A port scanner on the client machine to verify opening an closure of the incoming port on the server (Port 22). Nmap will be our chosen port scanner.
5. Verification Steps to Ensure Everything is Working as Expected (Mostly applicable to server).
Client and Server Setup
(A Full explanation for the OpenSSH server setup may be found here: https://help.ubuntu.com/community/AdvancedOpenSSH)
Client Machine
OpenSSH
Client Operating System Platform:
Ubuntu (Linux Machine) or Mac OS X - OpenSSH client installed by default at time of installation.
Windows - OpenSSH client provided by installation of either cygwin (http://www.cygwin.com/) or putty(http://www.chiark.greenend.org.uk/~sgtatham/putty/).
FWKNOP
Client Operating System Platform:
Ubuntu (Linux) / MAC OSX - Follow instructions to install server as above. Server installation will automatically install a command line client program.
Windows - GUI client found here: http://www.cipherdyne.org/fwknop/download/. Additionally a command line cygwin client is also available by contacting the FWKNOP author.
Server Machine: Platform Ubuntu Linux
OpenSSH Server Installation
sudo aptitude install openssh-server
The server can be further enhanced to allow key-based authentication and disallow password based authentication. This would allow for the most secure authentication mechanism. If using key based authentication, I would recommend at least 2048 or 4096 byte rsa keys (1024 byte keys are the default).
FWKNOP Server Installation
Please see steps mentioned previously in this guide.
A Listening OpenSSH Server
By default the OpenSSH server listens on port 22. It is recommended this default port number be changed for security reasons via alteration of the /etc/ssh/sshd_config, however this example will assume port 22.
The OpenSSH server can be stopped and started via the following commands:
sudo /etc/init.d/ssh stop
sudo /etc/init.d/ssh start
Confirmation that the ssh daemon is listening is provided by netstat command providing output similar to:
$ sudo netstat -anlp | grep sshd
tcp6 0 0 :::22 :::* LISTEN 4396/sshd
The above shows a sshd listening process on port 22.
Please confirm that an ssh connection from client to server can be completed at this stage:
Client Machine:
ssh <user>@<IP_address_server>
Example
$ ssh [email protected]
Ubuntu 8.04
Linux sudarshan 2.6.24-16-generic #1 SMP Thu Apr 10 13:23:42 UTC 2008 i686
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
Last login: Thu May 29 22:24:58 2008 from 192.168.1.101
Linux sudarshan 2.6.24-16-generic #1 SMP Thu Apr 10 13:23:42 UTC 2008 i686
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
sue@sudarshan:~$
IPTables Firewall Setup on Server Machine
***If you already have an existing Iptables firewall established, please save the old configuration via:
sudo iptables-save -c > /etc/iptables-save
Later the iptables can be restored if needed:
cat /etc/iptables-save | sudo iptables-restore -c
****
Flush/Reset the iptables rule set to allow all ports:
sudo /sbin/iptables -F
sudo /sbin/iptables -F -t nat
sudo /sbin/iptables -X
From the client machine verify the ssh port on the server is open and visible to the outside world (Example assuming 192.168.1.102 is the IP address of the server - change depending on your configuration):
$ nmap -p 22 192.168.1.102
Starting Nmap 4.62 ( http://nmap.org )
Interesting ports on 192.168.1.102:
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:40:96:AF:E3:0C (Cisco Systems)
Nmap done: 1 IP address (1 host up) scanned in 0.453 seconds
Note the result above demonstrates that port 22 is open on the server and the ssh service is listening.
Next establish some basic firewall rules (Note that this will close all incoming connections -- please be aware of this -- modify to your specific situation -- Please note that this is an extremely basic firewall blocking all incoming connections other than those already established. In a production environment you would want to actually want a more fully featured firewall ruleset, but would want the default ruleset for port 22 (or ssh port) to be set to DROP ):
sudo /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo /sbin/iptables -A INPUT -i ! lo -j DROP
Manually verify from the client that the server ssh port 22 is closed:
$ nmap -p 22 192.168.1.102
Starting Nmap 4.62 ( http://nmap.org )
Interesting ports on 192.168.1.102:
PORT STATE SERVICE
22/tcp filtered ssh
MAC Address: 00:40:96:AF:E3:0C (Cisco Systems)
Nmap done: 1 IP address (1 host up) scanned in 0.660 seconds
Notice the difference in the results of the two nmap port scans:
Open Port 22: 22/tcp open ssh
Closed Port 22: 22/tcp filtered ssh
Verification could also be completed attempting to make a successful ssh connection from client to server. With port 22 open, a connection should be established. With port 22 closed, an attempted connection should time out:
$ ssh [email protected]
ssh: connect to host 192.168.1.102 port 22: Connection timed out
Port Scanner Setup on Client Machine
If following the instructions, the nmap port scanner utility should already be installed. If you have not installed nmap:
sudo aptitude install nmap
Using nmap please verify that port 22 on the server is currently closed (or filtered), since the fwknop daemon will later act to dynamically open the port:
$ nmap -p 22 192.168.1.102
Starting Nmap 4.62 ( http://nmap.org )
Interesting ports on 192.168.1.102:
PORT STATE SERVICE
22/tcp filtered ssh
MAC Address: 00:40:96:AF:E3:0C (Cisco Systems)
Nmap done: 1 IP address (1 host up) scanned in 0.675 seconds
Please also verify that the OpenSSH server is listening on port 22 on the server behind the firewall:
On server machine:
$ sudo netstat -anlp | grep sshd
tcp6 0 0 :::22 :::* LISTEN 4396/sshd
FWKNOP Daemon Setup on Server
Configuration of the server's FWKNOP access.conf file
For this example's purpose, we are going to consider the fwknop password = Ubuntu2008. This password will act as the shared secret key for the Rijndael symmetric cipher. When authenticating the password, the server will open port 22 for incoming connections for a maximum of 30 seconds to allow for an establishment of a ssh connection.
gksu gedit /etc/fwknop/access.conf &
At the conclusion of the examples and comments:
SOURCE: ANY;
OPEN_PORTS: tcp/22;
DATA_COLLECT_MODE: PCAP;
KEY: Ubuntu2008;
FW_ACCESS_TIMEOUT: 30;
**Additionally when using the Windows Client GUI I had to make the following modification to the server's /etc/fwknop/fwknop.conf. This may not be applicable to your situation.
ENABLE_SPA_PACKET_AGING N;
The fwknop daemon is usually stopped/stared using the following syntax:
sudo /etc/init.d/fwknop stop
sudo /etc/init.d/fwknop start
For this tutorial, the fwknop daemon will be run in debug mode to see the process occuring on the server. The server will be started in debug mode in the terminal and the output sent to the terminal:
cd ~/Source/fwknop/fwknop-1.9.3
sudo perl ./fwknopd --debug
To kill the server later, hit Cntl-C while in the command window.
Putting It All Together and Unlocking the Port
With the fwknop daemon running on the server, use the fwknop client to issue the port knock. For command line clients (Change IP address given your particular setup -- My setup 192.168.1.101=LAN IP address of client, 192.168.1.102=LAN IP address of Server), the fwknop command has the following syntax:
fwknop -A <protocol/port> -a <client IP address> -D <server IP address>
This is one example of how to use the client. Additional options, switches can be found here: http://www.cipherdyne.org/fwknop/docs/manpages/fwknop.html
$ fwknop -A tcp/22 -a 192.168.1.101 -D 192.168.1.102
[+] Starting fwknop client (SPA mode)...
[+] Enter an encryption key. This key must match a key in the file
/etc/fwknop/access.conf on the remote system.
Encryption Key:
[+] Building encrypted Single Packet Authorization (SPA) message...
[+] Packet fields:
Random data: 5817642240590499
Username: <username>
Timestamp: 1212123357
Version: 1.9.4-pre3
Type: 1 (access mode)
Access: 192.168.1.101,tcp/22
SHA256 digest: NvUBz8l+T76KPqOSwvLMJO1n6sNjTLjuScSz6IIp5m8
[+] Sending 182 byte message to 192.168.1.102 over udp/62201...
After performing this knocking sequence, a nmap port scan of the server should show the following (My setup 192.168.1.102=Server LAN IP address)
$ nmap -p 22 192.168.1.102
Starting Nmap 4.62 ( http://nmap.org )
Interesting ports on 192.168.1.102:
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:40:96:AF:E3:0C (Cisco Systems)
Nmap done: 1 IP address (1 host up) scanned in 0.407 seconds
However 30 seconds later the port scan shows the following:
$ nmap -p 22 192.168.1.102
Starting Nmap 4.62 ( http://nmap.org )
Interesting ports on 192.168.1.102:
PORT STATE SERVICE
22/tcp filtered ssh
MAC Address: 00:40:96:AF:E3:0C (Cisco Systems)
Nmap done: 1 IP address (1 host up) scanned in 0.678 seconds
Again if the port knock is re-issued, an attempted ssh connection should be successful.
For debugging purposes, the contents received by the server can be visualized in the command prompt debug window. Once the server is up and thoroughly tested, the /etc/init.d/fwkop file should be modified and the -debug parameter removed (similar to process shown above).
V. Summary
Again our example demonstrated use of a Rijndael Single-Packet-Authentication Encrypted Packet that altered the hosts Iptable firewall and allowed temporary access to the underlying SSH port. The nmap port scanner utility verified that the server port was closed under normal operation, however was visible after the port knock was authenticated for a 30 second interval.
If interested I can provide additional details how-to encrypt the packet using GPG asymmetrical encryption (http://ubuntuforums.org/showthread.php?t=687173, http://ubuntuforums.org/showthread.php?t=649466)
Additionally I did not include examples of executing a process on the remote server, however an example of how to do this would be included in the /etc/fwknop/access.conf file.
Comments and additions are welcome.
Removal of FWKNOP
Assuming directory structure used in the guide (Again if using version number other than 1.9.3 please alter according to your configuration):
cd ~/Source/fwknop/fwknop-1.9.3
sudo perl ./install.pl --uninstall
sudo update-rc.d -f fwknop remove
Addendum
- FWKNOP SPA (Single Packet Authentication) Raw Data Packet (What the encrypted packet actually looks like when sniffed):
Raw packet data (single line): +CqkFkQUcR/9N5pdkpid6bZPnMJ60l49WOXm4/cDEDkL8xyC5nnPdmMZYCrTXkTyxWO1IsvrW6wWdyIhrOhFhOz0 kEknCuHl2Iiz4rs0ZOUG4etcPczuspp1FumPXbtdmnM7KmEAbT yFuGvYCWFMwZfoXjlhI0E75q3Yl2GAi974kfJi2hbI3L
- Contents of Encrypted Packet
Packet fields:
Random data: 7334473082601197
Username: <username>
Remote time: 1212209666
Remote ver: 1.9.4-pre3
Action type: 1 (SPA_ACCESS_MODE)
Action: 192.168.1.101,tcp/22
SHA256 digest: OmsuEDCXgYYzZ7WDnf+Jl2mt7EVYz2ixoIlLaCl2qmk
Server Commands
sudo ps -A | grep fwknop <---Will show if fwknop daemon is up and running. If fwknopd process is not listed then need to start fwknop daemon manually (sudo /etc/init.d/fwknop start)
More Fully Featured Firewall Script
#!/bin/sh
#
IPTABLES=/sbin/iptables
### flush existing rules and set chain policy setting to DROP
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
### state tracking rules
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
### ACCEPT rules
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j DROP
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/second -j ACCEPT
#Uncomment OutLines in RED if Logging is Required
### Create a LOGDROP chain to log dropped packets
#$IPTABLES -N LOGDROP
### Log Ruleset (Logs all packets not captured above, before dropping)
#Change the Following Parameters to Limit the amount of Logging
#LOGLIMIT="2/sec"
#LOGLIMITBURST="10"
#Log level may be one of the following: debug, info, notice, warning, warn, err, error, crit, alert, emerg, panic
#LOGLEVEL = debug
#$IPTABLES -A LOGDROP -i ! lo -p tcp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-level $LOGLEVEL --log-prefix "TCP DROP: "
#$IPTABLES -A LOGDROP -i ! lo -p udp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-level $LOGLEVEL --log-prefix "UDP DROP: "
#$IPTABLES -A LOGDROP -i ! lo -p icmp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-level $LOGLEVEL --log-prefix "ICMP DROP: "
#$IPTABLES -A LOGDROP -i ! lo -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-level #$LOGLEVEL --log-prefix "IPTABLES UNKNOWN-IN: "
### Log All Dropped Packets
#$IPTABLES -A INPUT -j LOGDROP
exit
References:
Port Knocking Description and Links to Port Knock Utilities: http://www.portknocking.org/
Port Knocking Wiki: http://en.wikipedia.org/wiki/Port_knocking
FWKNOP: http://www.cipherdyne.org/fwknop/
Using GnuPG in conjunction with FWKNOP: http://cipherdyne.org/fwknop/docs/gpghowto.html
List of Various Port Knocking Implementations: http://www.portknocking.org/view/implementations
NMAP Port Scanner: http://nmap.org/
OpenSSH server setup on Ubuntu: https://help.ubuntu.com/community/AdvancedOpenSSH
GnuPG Advanced Concepts: http://ubuntuforums.org/showthread.php?t=687173
HowTo Compile GPG (version 1 and 2) from SVN with IDEA and Camellia Ciphers: http://ubuntuforums.org/showthread.php?t=687173http://ubuntuforums.org/showthread.php?t=649466
I have a C++ application that is generating Ethernet packets using the pcap library. I originally wrote it when Ubuntu 8.10 was up to date.
On Ubuntu 8.10 it was not a problem to get 1 Gbit/s out of it. In the meanwhile I have updated that machine and now it is hard to get 100 Mbit/s out of it.
I have checked it with several machines. The program runs fastest on Ubuntu 8.10 and slows down if I upgrade to any other version. I also tried to recompile it on the newer Ubuntus, also 64bit, and experimented with some gcc optimization flags, but I can not achieve the 1 Gbit/s on newer versionsof Ubuntu.
Using gprof there is no obvious reason for this slow down, the application seems to run slower over all.
Does any one have an idea what was changed after 8.10 and what might cause this slow down in C++ applications?
If you install the pcap library using a system package, make sure to also
install the corresponding -devel package, which contains the C headers needed
to compile this module.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No 'Makefile' created'YAML' not installed, will not store persistent state
SAPER/Net-Pcap-0.16.tar.gz
/usr/local/bin/perl Makefile.PL -- NOT OK
Running make test
Make had some problems, won't test
Running make install
Make had some problems, won't install
Could not read metadata file. Falling back to other methods to determine prerequisites
Failed during this command:
SAPER/Net-Pcap-0.16.tar.gz : writemakefile NO -- No 'Makefile' created
I get this error on cpan but i got libpcap-devel install but not sure why i get this error for?
I'm trying really hard to uninstall MediaTomb, but I'm getting errors every time. I've tried apt-get remove mediatomb, apt-get -f install mediatomb, apt-get --purge remove mediatomb,apt-get autoclean...
I just can't do it! It's frustrating! I'm trying to install the pcap library, but it seems to have some trouble with MediaTomb.
I am writing a programme using the wpcap library (a library for sniffing network traffic) and I am having a really hard time to make it compile as needed.
Here is the error
dump.obj : error LNK2001: unresolved external symbol _pcap_open_offline
The code is very simple so there is no error in it. I just think VC is having a problem locationg the files!
The function pcap_open_offline is declared in pcap.h and it is included in the file, the body of the function is in pcap.c that is in the same directory as pcap.h.
I would appreciate any ideas how to get things going. Moving files, setting include directory ... any suggestions are most welcome.
10x in advance.