[BusyBox] tiny tcpdump
Erik Andersen
andersen at lineo.com
Tue Jan 2 10:55:41 UTC 2001
On Tue Jan 02, 2001 at 03:57:01AM +0000, Matthew Franz wrote:
>
> Good to see someone else thinks this might be useful. :)
>
> There are some very small non-libpcap Linux sniffers on the Packetstorm
> site that don't have nearly the features of tcpdump (mainly because they
> were designed to only snatch passwords).
>
> I don't know how important portability is to busybox.
Well, with busybox the sort of portability I've been ensuring is
Linux 2.0 through 2.4 kernels, and libc5, uClibc, glibc 2.0.7, and
glibc <current>. Having things run on the Hurd makes it easier for
the debian-hurd folks, but I haven't really worried about that target
too much (it is glibc based).
> I don't know how important portability is to busybox. There is also a
> small LBL sniffer called pcapture that only saves the files (vs. decoding
> packets) and doing something with the ethertap device or Linux Socket
> Filter might be worth looking into. Of course it all depends on what would
> be a minimal feature-set/maximum size that folks could agree on.
Actually, busybox is in the process of splitting out all the networking apps to
a new program called netkit-tiny (already in CVS -- compiles, and seems to
work). This will make it so I can have unaudited code in busybox (I shudder to
think that anyone might make busybox setuid root so ping will work), and only
the netkit-tiny stuff needs to be careful with security (a smaller problem
set). I already have it carefully dropping perms and such before running
non-setuid needing applets.
I would very much like a simple (arp, bootp, http, raw packets for most else by
default), non-libpcap tcpdump-esque sniffer to go into netkit-tiny. But size
is a real concern. If you think you can get it down to the 30k range as your
page suggests, then it will be a no-brainer to add it to netkit-tiny.
BTW, the link to busybox on http://trinux.sourceforge.net/utcpdump.html is
broken. Should be .com. Oh, and re the segfaults, there is no better
opensource way to find such problems than dmalloc (http://dmalloc.com/).
Simply link with -ldmalloc, then

$ export DMALLOC_OPTIONS=debug=0x14f47d83,inter=100,log=logfile
$ gdb your_app

run, and when your app misbehaves, you will have an excellent idea of what
happened. Oh, and it logs mem leaks too. Good stuff.
-Erik
--
Erik B. Andersen email: andersen at lineo.com
--This message was written using 73% post-consumer electrons--
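
The privilege-dropping dispatch described in the message above, sketched as an added example that is not part of the original post and is not netkit-tiny's code. It assumes a multi-call binary installed setuid root; the applet table and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical applet table (not netkit-tiny's): 1 = needs the setuid-root euid. */
struct applet { const char *name; int needs_root; };
static const struct applet applets[] = {
    { "ping", 1 }, { "tcpdump", 1 }, { "telnet", 0 }, { "wget", 0 },
};

/* Permanently return to the invoking user's ids. Group first: once the
 * uid is dropped the process may no longer change its gid. */
static int drop_privs(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify instead of trusting return codes: root must be unrecoverable. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Returns 1 if privileges were kept, 0 if dropped, -1 on unknown applet or
 * failed drop (the caller must exit on -1 and never run the applet). */
static int prepare_applet(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof(applets) / sizeof(applets[0]); i++)
        if (strcmp(applets[i].name, name) == 0)
            return applets[i].needs_root ? 1 : drop_privs();
    return -1;
}

int main(int argc, char **argv)
{
    int rc = prepare_applet(argc > 1 ? argv[1] : "wget");
    printf("rc=%d uid=%d euid=%d\n", rc, (int)getuid(), (int)geteuid());
    return rc < 0;
}
```

The drop happens before any applet code or argument parsing runs, so only the applets flagged as needing root ever execute with the elevated euid.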