[BusyBox] tiny tcpdump

Erik Andersen andersen at lineo.com
Tue Jan 2 10:55:41 UTC 2001


On Tue Jan 02, 2001 at 03:57:01AM +0000, Matthew Franz wrote:
> 
> Good to see someone else thinks this might be useful. :)
> 
> There are some very small non-libpcap Linux sniffers on the Packetstorm
> site that don't have nearly the features of tcpdump (mainly because they
> were designed to only snatch passwords). 
> 
> I don't know how important portability is to busybox. 

Well, with busybox the sort of portability I've been ensuring is 
Linux 2.0 through 2.4 kernels, and libc5, uClibc, glibc 2.0.7, and
glibc <current>.  Having things run on the Hurd makes it easier for
the debian-hurd folks, but I haven't really worried about that target
too much (it is glibc based).

> I don't know how important portability is to busybox. There is also a
> small LBL sniffer called pcapture that only saves the files (vs. decoding
> packets) and doing something with the ethertap device or Linux Socket
> Filter might be worth looking into. Of course it all depends on what would
> be a minimal feature-set/maximum size that folks could agree on.

Actually, busybox is in the process of splitting out all the networking apps to
a new program called netkit-tiny (already in CVS -- compiles, and seems to
work).  This will make it so I can have unaudited code in busybox (I shudder to
think that anyone might make busybox setuid root so ping will work), and only
the netkit-tiny stuff needs to be careful with security (a smaller problem
set).  I already have it carefully dropping perms and such before running
non-setuid needing applets.

I would very much like a simple (arp,bootp,http, raw packets for most else by
default), non-libpcap tcpdump-esque sniffer to go into netkit-tiny.  But size
is a real concern.  If you think you can get it down to the 30k range as your
page suggests, then it will be a no-brainer to add it to netkit-tiny.

BTW, the link to busybox on http://trinux.sourceforge.net/utcpdump.html is
broken.  Should be .com.  Oh, and re the segfaults, there is no better
opensource way to find such problems than dmalloc (http://dmalloc.com/).
Simply link with -ldmalloc, then 
    $ export DMALLOC_OPTIONS=debug=0x14f47d83,inter=100,log=logfile
    $ gdb your_app
run, and when your app misbehaves, you will have an excellent idea of what 
happened.  Oh, and it logs mem leaks too.  Good stuff.

 -Erik

--
Erik B. Andersen   email:  andersen at lineo.com
--This message was written using 73% post-consumer electrons--
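
The message above mentions dropping permissions before running applets that do not need setuid. The following is an added sketch of that pattern for a setuid-root multi-call binary; it is not BusyBox or netkit-tiny code. The applet table and the names applet_needs_root and drop_privs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed table (assumption, not netkit-tiny's real applet list). */
struct applet { const char *name; int needs_root; };
static const struct applet applets[] = {
    { "ping",   1 },   /* needs a raw ICMP socket */
    { "telnet", 0 },   /* ordinary TCP client */
};

/* Returns 1 or 0 for known applets, -1 for unknown names. */
int applet_needs_root(const char *name)
{
    for (size_t i = 0; i < sizeof applets / sizeof applets[0]; i++)
        if (strcmp(applets[i].name, name) == 0)
            return applets[i].needs_root;
    return -1;
}

/* Permanently give up setuid/setgid privilege. The gid goes first:
 * once the effective uid is no longer 0, the process can no longer
 * clear a saved set-group-ID. */
int drop_privs(uid_t ruid, gid_t rgid)
{
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify: a process that really dropped cannot get root back. */
    if (ruid != 0 && (setuid(0) == 0 || geteuid() == 0))
        return -1;
    return (getuid() == ruid && geteuid() == ruid &&
            getgid() == rgid && getegid() == rgid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "telnet";
    int priv = applet_needs_root(name);
    if (priv < 0) {
        fprintf(stderr, "unknown applet %s\n", name);
        return 1;
    }
    /* Fail closed: never run an unprivileged applet if the drop failed. */
    if (!priv && drop_privs(getuid(), getgid()) != 0) {
        fprintf(stderr, "cannot drop privileges\n");
        return 1;
    }
    printf("%s: uid=%d euid=%d\n", name, (int)getuid(), (int)geteuid());
    return 0;
}
```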
