Merge remote-tracking branch 'og/master'

capture_linux_wifi/capture_linux_wifi.c

@@ -993,6 +993,107 @@ int probe_callback(kis_capture_handler_t *caph, uint32_t seqno, char *definition
     return 1;
 }
 
+int build_localdev_filter(char **filter) {
+    typedef struct macaddr_list {
+        uint8_t macaddr[6];
+        struct macaddr_list *next;
+    } macaddr_list_t;
+
+    macaddr_list_t *macs = NULL;
+    size_t num_macs = 0;
+    size_t filtered_macs = 0;
+    macaddr_list_t *mi = NULL, *mb = NULL;
+
+    int mode;
+
+    size_t filter_len = 0;
+    unsigned int need_and = 0;
+    size_t fpos = 0;
+
+    DIR *devdir;
+    struct dirent *devfile;
+    char errstr[STATUS_MAX];
+
+    if ((devdir = opendir("/sys/class/net/")) == NULL) {
+        *filter = NULL;
+        return 0;
+    }
+
+    /* Look at the files in the sys dir and see if they're wi-fi */
+    while ((devfile = readdir(devdir)) != NULL) {
+        /* Skip interfaces which are down */
+        if (ifconfig_get_flags(devfile->d_name, errstr, &mode) < 0) 
+            continue;
+
+        if ((mode & IFF_UP) == 0 && (mode & IFF_RUNNING) == 0)
+            continue;
+
+        mi = (macaddr_list_t *) malloc(sizeof(macaddr_list_t));
+
+        if (ifconfig_get_hwaddr(devfile->d_name, errstr, mi->macaddr) < 0) {
+            free(mi);
+            continue;
+        }
+
+        /* Skip interfaces with a 0 mac */
+        if (memcmp(mi->macaddr, "\x00\x00\x00\x00\x00\x00", 6) == 0) {
+            free(mi);
+            continue;
+        }
+
+        mi->next = macs;
+        macs = mi;
+
+        num_macs++;
+    }
+
+    closedir(devdir);
+
+    if (num_macs == 0) {
+        *filter = NULL;
+        return 0;
+    }
+
+    /*
+       For now write the filter as a string and compile it
+       'not ether host aa:bb:cc:dd:ee:ff'
+       32 bytes per mac 
+       ' and '
+       6 bytes per join
+    */
+
+    filter_len = (num_macs * 32) + ((num_macs - 1) * 6) + 1;
+
+    *filter = (char *) malloc(filter_len);
+
+    mi = macs;
+
+    while (mi != NULL) {
+        if (filtered_macs < 8) {
+            filtered_macs++; 
+
+            if (need_and) {
+                snprintf(*filter + fpos, filter_len - fpos, " and ");
+                fpos += 5;
+            }
+            need_and = 1;
+
+            snprintf(*filter + fpos, filter_len - fpos, 
+                    "not ether host %02x:%02x:%02x:%02x:%02x:%02x",
+                    mi->macaddr[0], mi->macaddr[1], mi->macaddr[2], 
+                    mi->macaddr[3], mi->macaddr[4], mi->macaddr[5]);
+            fpos += 32;
+        }
+
+        mb = mi->next;
+        free(mi);
+        mi = mb;
+    }
+
+    return num_macs;
+}
+
+
 int open_callback(kis_capture_handler_t *caph, uint32_t seqno, char *definition,
         char *msg, uint32_t *dlt, char **uuid, KismetExternal__Command *frame,
         cf_params_interface_t **ret_interface,
@@ -1040,13 +1141,17 @@ int open_callback(kis_capture_handler_t *caph, uint32_t seqno, char *definition,
 
     int ret;
 
-    char regdom[5];
+    /* char regdom[5]; */
 
     char driver[32] = "";
 
     char *localchanstr = NULL;
     local_channel_t *localchan = NULL;
 
+    int filter_locals = 0;
+    char *ignore_filter = NULL;
+    struct bpf_program bpf;
+
 #ifdef HAVE_LIBNM
     NMClient *nmclient = NULL;
     NMDevice *nmdevice = NULL;
@@ -1118,6 +1223,16 @@ int open_callback(kis_capture_handler_t *caph, uint32_t seqno, char *definition,
         }
     }
 
+    /* Do we ignore any other interfaces on this device? */
+    if ((placeholder_len = 
+                cf_find_flag(&placeholder, "filter_locals", definition)) > 0) {
+        if (strncasecmp(placeholder, "false", placeholder_len) == 0) {
+            filter_locals = 0;
+        } else if (strncasecmp(placeholder, "true", placeholder_len) == 0) {
+            filter_locals = 1;
+        }
+    }
+
     /* get the mac address; this should be standard for anything */
     if (ifconfig_get_hwaddr(local_wifi->interface, errstr, hwaddr) < 0) {
         snprintf(msg, STATUS_MAX, "Could not fetch interface address from '%s': %s",
@@ -1741,6 +1856,7 @@ int open_callback(kis_capture_handler_t *caph, uint32_t seqno, char *definition,
 
     (*ret_interface)->hardware = strdup(driver);
 
+#if 0
     /* Get the iw regdom and see if it makes sense */
     if (linux_sys_get_regdom(regdom) == 0) {
         if (strcmp(regdom, "00") == 0) {
@@ -1752,6 +1868,7 @@ int open_callback(kis_capture_handler_t *caph, uint32_t seqno, char *definition,
             cf_send_warning(caph, errstr);
         }
     }
+#endif
 
     /* Open the pcap */
     local_wifi->pd = pcap_open_live(local_wifi->cap_interface, 
@@ -1764,6 +1881,33 @@ int open_callback(kis_capture_handler_t *caph, uint32_t seqno, char *definition,
         return -1;
     }
 
+    if (filter_locals) {
+        if ((ret = build_localdev_filter(&ignore_filter)) > 0) {
+            if (ret > 8) {
+                snprintf(errstr, STATUS_MAX, "%s found more than 8 local interfaces (%d), limiting "
+                        "the exclusion filter to the first 8 because of limited kernel filter memory.",
+                        local_wifi->name, ret);
+                cf_send_message(caph, errstr, MSGFLAG_INFO);
+            }
+
+            if (pcap_compile(local_wifi->pd, &bpf, ignore_filter, 0, 0) < 0) {
+                snprintf(errstr, STATUS_MAX, "%s unable to compile filter to exclude other "
+                        "local interfaces: %s",
+                        local_wifi->name, pcap_geterr(local_wifi->pd));
+                cf_send_message(caph, errstr, MSGFLAG_INFO);
+            } else {
+                if (pcap_setfilter(local_wifi->pd, &bpf) < 0) {
+                    snprintf(errstr, STATUS_MAX, "%s unable to assign filter to exclude other "
+                            "local interfaces: %s",
+                            local_wifi->name, pcap_geterr(local_wifi->pd));
+                    cf_send_message(caph, errstr, MSGFLAG_INFO);
+                }
+            }
+
+            free(ignore_filter);
+        }
+    }
+
     local_wifi->datalink_type = pcap_datalink(local_wifi->pd);
     *dlt = local_wifi->datalink_type;
 

conf/kismet_memory.conf

@@ -52,12 +52,22 @@ track_device_seenby_views=true
 # memory, but this may break some tools and some aspects of the web UI
 track_device_phy_views=true
 
+
 # Performing manufacturer lookups can be useful, but can also be performed later
 # in post-processing.  For memory constrained systems, or systems with a very large
 # number of devices, turning off manufacturer lookup will reduce RAM.
 manuf_lookup=true
 
 
+# Kismet allocates a 512Kb buffer per IPC source and TCP remote source; for 
+# *extemely* RAM limited devices (such as openwrt devices and the pineapple tetra)
+# this can be a significant percentage of available RAM.  Lowering this number may
+# help, but lowering it too far may lead to buffers becoming filled before they
+# can be serviced.
+# ipc_buffer_kb=64
+# tcp_buffer_kb=64
+
+
 # Kismet tracks location of devices as both a running average and a 
 # "cloud" of location data which can be used by webui plugins to render more
 # location information.

datasourcetracker.cc

@@ -419,6 +419,9 @@ void datasource_tracker::trigger_deferred_startup() {
 
     next_source_num = 0;
 
+    tcp_buffer_sz = 
+        Globalreg::globalreg->kismet_config->fetch_opt_as<size_t>("tcp_buffer_kb", 512);
+
     config_defaults = 
         Globalreg::globalreg->entrytracker->register_and_get_field_as<datasource_tracker_defaults>("kismet.datasourcetracker.defaults",
                 tracker_element_factory<datasource_tracker_defaults>(),
@@ -1071,7 +1074,7 @@ void datasource_tracker::schedule_cleanup() {
 void datasource_tracker::new_remote_tcp_connection(int in_fd) {
     // Make a new connection handler with its own mutex
     auto conn_handler = 
-        std::make_shared<buffer_handler<ringbuf_v2>>((1024 * 1024), (1024 * 1024));
+        std::make_shared<buffer_handler<ringbuf_v2>>((tcp_buffer_sz * 1024), (tcp_buffer_sz * 1024));
 
     // Bind it to the tcp socket
     auto socketcli = 
@@ -1212,8 +1215,8 @@ class dst_chansplit_worker : public datasource_tracker_worker {
             bool matched_cur_chan = false;
 
             for (auto comp_chan : *compare_channels) {
-                if (GetTrackerValue<std::string>(first_chan) == 
-                        GetTrackerValue<std::string>(comp_chan)) {
+                if (get_tracker_value<std::string>(first_chan) == 
+                        get_tracker_value<std::string>(comp_chan)) {
                     matched_cur_chan = true;
                     break;
                 }
@@ -1708,7 +1711,7 @@ int datasource_tracker::httpd_post_complete(kis_net_httpd_connection *concls) {
                         converted_channels = chstruct->as_string_vector();
                     } else {
                         for (auto c : *(ds->get_source_hop_vec()))
-                            converted_channels.push_back(GetTrackerValue<std::string>(c));
+                            converted_channels.push_back(get_tracker_value<std::string>(c));
                     }
 
                     std::shared_ptr<conditional_locker<std::string> > cl(new conditional_locker<std::string>());

datasourcetracker.h

@@ -516,6 +516,9 @@ class datasource_tracker : public kis_net_httpd_cppstream_handler,
     std::shared_ptr<kis_net_httpd_simple_tracked_endpoint> defaults_endp;
     std::shared_ptr<kis_net_httpd_simple_tracked_endpoint> types_endp;
     std::shared_ptr<kis_net_httpd_simple_tracked_endpoint> list_interfaces_endp;
+
+    // Buffer sizes
+    size_t tcp_buffer_sz;
 };
 
 /* This implements the core 'all data' pcap, and pcap filtered by datasource UUID.

devicetracker_component.cc

@@ -270,7 +270,7 @@ void kis_tracked_signal_data::register_fields() {
     register_field("kismet.common.signal.max_noise", "maximum noise", &max_noise);
 
     peak_loc_id =
-        RegisterDynamicField("kismet.common.signal.peak_loc",
+        register_dynamic_field("kismet.common.signal.peak_loc",
                 "location of strongest observed signal", &peak_loc);
 
     register_field("kismet.common.signal.maxseenrate",
@@ -281,7 +281,7 @@ void kis_tracked_signal_data::register_fields() {
             "bitset of observed carrier types", &carrierset);
 
     signal_min_rrd_id =
-        RegisterDynamicField("kismet.common.signal.signal_rrd",
+        register_dynamic_field("kismet.common.signal.signal_rrd",
                 "past minute of signal data", &signal_min_rrd);
 }
 
@@ -330,7 +330,7 @@ void kis_tracked_seenby_data::register_fields() {
                 tracker_element_factory<tracker_element_uint64>(), "packets per frequency");
 
     signal_data_id =
-        RegisterDynamicField("kismet.common.seenby.signal", "signal data", &signal_data);
+        register_dynamic_field("kismet.common.seenby.signal", "signal data", &signal_data);
 }
 
 void kis_tracked_device_base::inc_frequency_count(double frequency) {
@@ -393,7 +393,7 @@ void kis_tracked_device_base::register_fields() {
 	register_field("kismet.device.base.phyid", "phy internal id", &phyid);
     register_field("kismet.device.base.name", "printable device name", &devicename);
     username_id = 
-        RegisterDynamicField("kismet.device.base.username", "user name", &username);
+        register_dynamic_field("kismet.device.base.username", "user name", &username);
     register_field("kismet.device.base.commonname", 
             "common name alias of custom or device names", &commonname);
     register_field("kismet.device.base.type", "printable device type", &type_string);
@@ -416,11 +416,11 @@ void kis_tracked_device_base::register_fields() {
     register_field("kismet.device.base.datasize", "transmitted data in bytes", &datasize);
 
     packets_rrd_id =
-        RegisterDynamicField("kismet.device.base.packets.rrd", "packet rate rrd", &packets_rrd);
+        register_dynamic_field("kismet.device.base.packets.rrd", "packet rate rrd", &packets_rrd);
     data_rrd_id =
-        RegisterDynamicField("kismet.device.base.datasize.rrd", "packet size rrd", &data_rrd);
+        register_dynamic_field("kismet.device.base.datasize.rrd", "packet size rrd", &data_rrd);
     signal_data_id =
-        RegisterDynamicField("kismet.device.base.signal", "signal data", &signal_data);
+        register_dynamic_field("kismet.device.base.signal", "signal data", &signal_data);
 
     register_field("kismet.device.base.freq_khz_map", "packets seen per frequency (khz)", &freq_khz_map);
     register_field("kismet.device.base.channel", "channel (phy specific)", &channel);
@@ -434,9 +434,9 @@ void kis_tracked_device_base::register_fields() {
                 tracker_element_factory<tracker_element_string>(), "arbitrary tag");
 
     location_id =
-        RegisterDynamicField("kismet.device.base.location", "location", &location);
+        register_dynamic_field("kismet.device.base.location", "location", &location);
     location_cloud_id =
-        RegisterDynamicField("kismet.device.base.location_cloud", 
+        register_dynamic_field("kismet.device.base.location_cloud", 
                 "historic location cloud", &location_cloud);
 
     register_field("kismet.device.base.seenby", "sources that have seen this device", &seenby_map);
@@ -452,19 +452,19 @@ void kis_tracked_device_base::register_fields() {
                 "datasource seen-by data");
 
     packet_rrd_bin_250_id =
-        RegisterDynamicField("kismet.device.base.packet.bin.250", "RRD of packets up to 250 bytes",
+        register_dynamic_field("kismet.device.base.packet.bin.250", "RRD of packets up to 250 bytes",
                 &packet_rrd_bin_250);
     packet_rrd_bin_500_id =
-        RegisterDynamicField("kismet.device.base.packet.bin.500", "RRD of packets up to 500 bytes",
+        register_dynamic_field("kismet.device.base.packet.bin.500", "RRD of packets up to 500 bytes",
                 &packet_rrd_bin_500);
     packet_rrd_bin_1000_id =
-        RegisterDynamicField("kismet.device.base.packet.bin.1000", "RRD of packets up to 1000 bytes",
+        register_dynamic_field("kismet.device.base.packet.bin.1000", "RRD of packets up to 1000 bytes",
                 &packet_rrd_bin_1000);
     packet_rrd_bin_1500_id =
-        RegisterDynamicField("kismet.device.base.packet.bin.1500", "RRD of packets up to 1500 bytes",
+        register_dynamic_field("kismet.device.base.packet.bin.1500", "RRD of packets up to 1500 bytes",
                 &packet_rrd_bin_1500);
     packet_rrd_bin_jumbo_id =
-        RegisterDynamicField("kismet.device.base.packet.bin.jumbo", "RRD of packets over 1500 bytes",
+        register_dynamic_field("kismet.device.base.packet.bin.jumbo", "RRD of packets over 1500 bytes",
                 &packet_rrd_bin_jumbo);
 
     register_field("kismet.device.base.server_uuid", 

devicetracker_httpd.cc

@@ -572,7 +572,7 @@ int device_tracker::httpd_post_complete(kis_net_httpd_connection *concls) {
                     lock.unlock();
 
                     for (auto mmpi = mmp.first; mmpi != mmp.second; ++mmpi) 
-                        devvec->push_back(SummarizeSingletracker_element(mmpi->second, summary_vec, rename_map));
+                        devvec->push_back(summarize_single_tracker_element(mmpi->second, summary_vec, rename_map));
 
                     Globalreg::globalreg->entrytracker->serialize(httpd->get_suffix(tokenurl[4]), stream, 
                             devvec, rename_map);
@@ -612,7 +612,7 @@ int device_tracker::httpd_post_complete(kis_net_httpd_connection *concls) {
                     local_shared_locker devlock(&(dev->device_mutex));
 
                     auto simple = 
-                        SummarizeSingletracker_element(dev, summary_vec, rename_map);
+                        summarize_single_tracker_element(dev, summary_vec, rename_map);
 
                     Globalreg::globalreg->entrytracker->serialize(httpd->get_suffix(tokenurl[4]), 
                             stream, simple, rename_map);
@@ -718,7 +718,7 @@ int device_tracker::httpd_post_complete(kis_net_httpd_connection *concls) {
                     auto rd = std::static_pointer_cast<kis_tracked_device_base>(rei);
                     local_shared_locker lock(&rd->device_mutex);
 
-                    outdevs->push_back(SummarizeSingletracker_element(rd, summary_vec, rename_map));
+                    outdevs->push_back(summarize_single_tracker_element(rd, summary_vec, rename_map));
                 }
 
                 Globalreg::globalreg->entrytracker->serialize(httpd->get_suffix(tokenurl[4]), stream,