Would it be a terrible idea to cut a new release? That would make it easier to package. Are there outstanding issues/features you wanted to add? This is working pretty stable for me, though I've only done basic stuff so far.

At http://libtins.github.io/download/ , section "Requirements", we could add some guides about Fedora/CentOS based systems:

For Red Hat based systems(RHEL, Fedora, CentOS, etc), you can install it executing this command as root:

yum install libpcap-devel openssl-devel

This works for me.

At http://libtins.github.io/download/ , section "Headers", it reads:

libtins' headers are inside a directory named tins, inside your default include directory. You can include individual headers, or just #include <tins/tins.>, which will include all of them.

which should be #include <tins/tins.h>.

Low priority of course. Running the example file traceroute.cpp throws an error in VS 2013:

1>  traceroute.cpp
1>traceroute.cpp(72): error C2664: 'std::thread::thread(const std::thread &)' : cannot convert argument 1 from 'void (__thiscall *)(Functor,uint32_t)' to 'void (&)(std::_Bind<true,bool,std::_Pmf_wrap<bool (__thiscall Traceroute::* )(Tins::PDU &),bool,Traceroute,Tins::PDU &>,Traceroute *const ,std::_Ph<1> &>,uint32_t)'
1>          None of the functions with this name in scope match the target type

This is referencing to:

// Start the sniff thread
std::thread sniff_thread(
   &Sniffer::sniff_loop<decltype(handler)>, 
   &sniffer, 
   handler,
   0
); 

Source code was not modified.

I've just downloaded and installed this lib at OSX 10.9 and I tried to compile coe from 2nd part of the tutorial. I've got:
main.cpp:29:17: error: call to constructor of 'Tins::Sniffer' is ambiguous
Sniffer sniffer("eth0", promisc, "ip src 192.168.0.100");
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/include/tins/sniffer.h:267:9: note: candidate constructor
Sniffer(const std::string &device, unsigned max_packet_size,
^
/usr/local/include/tins/sniffer.h:281:9: note: candidate constructor
Sniffer(const std::string &device, promisc_type promisc = NON_PROMISC,
^

I'm trying to compile the latest sources using VS2013 targeting x64, but I'm getting compilation errors in include/tins/internals.h. VS2013 doesn't like this template:
template <class T, class P, class=void>
struct accepts_type : std::false_type { };

template <class T, class P>
struct accepts_type<T, P,
typename std::enable_if<
std::is_same< decltype( std::declval<T>()(std::declval<P>()) ), bool>::value
>::type
> : std::true_type { };

Which would be a bug (or lack of support) in VS2013, as it compiles fine elsewhere.

However, I'm getting this even when configuring with LIBTINS_ENABLE_CXX11=0. It seems the TINS_IS_CXX11 definition in cxxstd.h does not check the HAVE_CXX11 macro from config.h.

I want to create a simple program which allows me to establish a TCP connection and sends packets of data. By following the tutorial I wrote this:

        PacketSender sender;
        try {
            IP pkt =  IP("127.0.0.1") / TCP(1111) / RawPDU("I'm a payload!");
            sender.send(pkt);

        }
        catch(socket_open_error){
            cout << "socket open error" << endl;
            return false;
        }

By testing the program I did 'nc -lk 1111'

However when running the program I enter the catch block.

If encode_domain_name is passed the empty string (""), too many bytes are added to the qname/name fields in the DNS payload.

Encoding the empty string results in "\0\0" instead of "\0".

I am using libtins successfully for live packet capture under OpenWrt. However, parsing of the radiotap header fails, only giving garbage. I have collected a pcap file taken with tcpdump from the Yun. This file shows valid header information in Wireshark, but the header is not correctly read by libtins (on my Ubuntu machine). This leads me to believe that the radiotap header from the Yun (Atheros AR9331) is not read correctly by libtins.

I'm on a Macbook Pro running 10.9.5, connected to a wireless network and trying to sniff from en0.

Compiling the latest version from github (master):
$ g++ traceroute.cpp -o traceroute -O3 -std=c++11 -lpthread -ltins

Running with any IPs:

$ ./traceroute 10.0.1.1
libc++abi.dylib: terminating
Abort trap: 6

It seems that the error is spewed out on this line:

sender.send(ip);

Which is strange because I can get the simple a simple packet sending program to work:

using namespace Tins;
int main() {
    NetworkInterface iface = NetworkInterface::default_interface();
    NetworkInterface::Info info = iface.addresses();
    EthernetII eth("77:22:33:11:ad:ad", info.hw_addr);
    eth /= IP("192.168.0.1", info.ip_addr);
    eth /= TCP(13, 15);
    eth /= RawPDU("I'm a payload!");
    PacketSender sender;
    sender.send(eth, iface);
}

The main difference from both these programs seems to be the call to send receiving the extra "iface" argument. However, since we are sending L3 packets, we shouldn't need it.

I have looked around libtins and can't find a simple way to fetch a filtered list of devices. I am C++ n00b so bear with me :)

I am trying to list non-loopback devices and while I can still drop into pcap to do so, I wonder if I am overlooking similar functionality in libtins.

I implemented an custom functor for passing into generic_iface_loop but then I get lost in creating a predicate to use for testing is_loopback somehow for appending to my set. I fiddled around with NetworkInterface and IPv4Address but cant wrap my head around using them... eg

//yup, I stole this
struct NonLoopbackCollector {
    set<string> ifaces;

#ifdef WIN32
    bool operator() (PIP_ADAPTER_ADDRESSES addr) {
        //some predicate for testing this !is_loopback()
        ifaces.insert(addr->AdapterName);
        return false;
    }
#else
    bool operator() (struct ifaddrs *addr) {
        //some predicate for testing this !is_loopback()
        ifaces.insert(addr->ifa_name);
        return false;
    }
#endif
};

Should I just do this in pcap or am I being thick?

I configured using

./configure --enable-c++11 --enable-static

I run into this compile error:
https://gist.github.com/dachziegel/c382dcada844d74025a1

Ubuntu 12.04 64bit
GCC 4.8.1

Hello there,

First of all I'd like to state that this is a really interesting library and that it's pretty unique (couldn't find anything else doing the same in C++). I have been trying for a couple hours to link the library with Qt Creator and I haven't managed to succeed... (Same for Visual Studio 2013)

Winpcap linking works just fine.

• Linking winpcap (works).
  INCLUDEPATH += C:\WpdPack\Include
  LIBS += -L C:\WpdPack\Lib\x64 -lwpcap - lpacket
• Linking libtins (doesn't work).
  LIBS += -L C:\libtins -ltins

I also compiled the library multiple times incase that was the problem. (Compiled with VS, compiled with cmake, compiled with C++11 flag and without, etc)

I would appreciate any help as I am really keen on this specific library, thank you.

I am running into an issue trying to get access to the packet timestamp. When I try to construct a Tins::Packet it tells me that it can't because the PtrPacket copy constructor is private.

I added tins in Qt and while running following code:

void MainWindow::on_pushButton_clicked()
{
//Sniffer("eth0").Tins::Sniffer::sniff_loop(callback);

Sniffer sniffer("wlan0", Sniffer::PROMISC);

    // Only capture udp packets sent to port 53
    sniffer.set_filter("udp and dst port 53");

    // Start the capture
    sniffer.sniff_loop(callback);

}

bool MainWindow::callback(const PDU &pdu) {
const IP &ip = pdu.rfind_pdu(); // Find the IP layer
const TCP &tcp = pdu.rfind_pdu(); // Find the TCP layer
std::cout << ip.src_addr() << ':' << tcp.sport() << " -> "
<< ip.dst_addr() << ':' << tcp.dport() << std::endl;
return true;
}

I get this error:

/home/sanket/workspace/canBeFinal/mainwindow.cpp:30: error: no matching function for call to 'Tins::Sniffer::sniff_loop()'
sniffer.sniff_loop(callback);
^
../canBeFinal/mainwindow.cpp: In member function 'void MainWindow::on_pushButton_clicked()':
../canBeFinal/mainwindow.cpp:30:36: error: no matching function for call to 'Tins::Sniffer::sniff_loop()'
sniffer.sniff_loop(callback);
^
../canBeFinal/mainwindow.cpp:30:36: note: candidate is:
In file included from /usr/local/include/tins/tins.h:54:0,
from ../canBeFinal/mainwindow.h:5,
from ../canBeFinal/mainwindow.cpp:1:
/usr/local/include/tins/sniffer.h:577:10: note: void Tins::BaseSniffer::sniff_loop(Functor, uint32_t) [with Functor = bool (MainWindow::)(const Tins::PDU&); uint32_t = unsigned int]
void Tins::BaseSniffer::sniff_loop(Functor function, uint32_t max_packets) {
^
/usr/local/include/tins/sniffer.h:577:10: note: no known conversion for argument 1 from '' to 'bool (MainWindow::)(const Tins::PDU&)'
make: *** [mainwindow.o] Error 1
15:07:15: The process "/usr/bin/make" exited with code 2.
Error while building/deploying project canBeFinal (kit: Desktop Qt 5.3 GCC 64bit)
When executing step 'Make'
15:07:15: Elapsed time: 00:01.

I have defined callback() function in Header file already.

Please help. Thank You.

Hi,

First of all, thanks for developing Libtins! I would like to ask an enhancement:

• Support for VXLAN encapsulation :)
• A tutorial on how to create a new PDU type (so that I can write the encap myself)

Would you like to replace any double quotes by angle brackets around file names for include statements?

I'm trying to execute the beacon_display example but I get this uncaught exception :

terminate called after throwing an instance of 'std::runtime_error'
what(): wlan0: That device doesn't support monitor mode

But I think my device is capable of monitor mode because
I did :
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up

(use sudo iwconfig wlan0 mode managed to restore normal mode)

then sudo iwconfig shows that I'm in monitor mode.
and then sudo tcpdump -i wlan0 -n
is able to monitor raw signals :
00:24:12.344248 6.0 Mb/s 2457 MHz 11g -53dB signal antenna 1 CF-End RA:ff:ff:ff:ff:ff:ff
00:24:12.344844 54.0 Mb/s 2457 MHz 11g -53dB signal antenna 1 CF +QoS Data IV:697676 Pad 20 KeyID 0
00:24:12.344860 24.0 Mb/s 2457 MHz 11g -56dB signal antenna 1 Acknowledgment RA:00:1f:3b:73:97:6f
00:24:12.349370 1.0 Mb/s 2457 MHz 11b -87dB signal antenna 1 Beacon (FreeboxDucout) [1.0* 2.0* 5.5* 11.0* 9.0 18.0 36.0 54.0 Mbit] ESS CH: 11, PRIVACY

Could you please advice ?
Thank you

Correct me if I'm wrong, but with the drop of autotools in favor of CMake the file libtins.pc.in (configured by Makefile.in) was removed.

We use libtins heavily in our development and this is be very useful for us.

Thanks for your time and for libtins.

I am trying to create an IPv6 packet encapsulated in another IPv6 packet, with:

IPv6 packet = IPv6("1::1", "2::2");
packet /= IPv6("3::3", "4::4");
vector<uint8_t> raw = packet.serialize();

When I serialize this packet, the next header field of the outside IPv6 packet is 0xff (instead of 0x29 (41)).

If I modify the function Internals::pdu_flag_to_ip_type to add a case for IPv6, the serialization works as expected.

i tried running beacon_display:

kyle:examples kyle$ make beacon_display; ./beacon_display en0
g++ beacon_display.cpp -o beacon_display -Wall -g -O2 -ltins    
libc++abi.dylib: terminating with uncaught exception of type std::runtime_error: Invalid filter
Abort trap: 6

if i change the filter to "" (empty string), the code executes without a runtime error.

i can also use some other filters like "src net 192.168.6.170" without errors.

in both of the above examples (empty filter, single ip src) the BeaconSniffer::callback() is never called.

i can try to look into this more but wanted to report it first. i think you can be not-in-monitor-mode and still see some traffic from pcap, but i have to check.

Would it make sense to allow libtins to run either on top of libpcap (like it does today), or other packet capturing technologies -- which are potentially faster -- like netmap [1]?

[1] http://info.iet.unipi.it/~luigi/netmap/

Hi again :)

As always thank you very much for your time developing libtins. As with merge request #45 pkg-config support was re-added to current master. We heavily use libtins at work at it would be very useful if a new release is published, as we could streamline our development process, build system and yocto recipes.

Thanks in advance for your consideration.

first: amazing library. i can see it's aimed at linux users, but i'm trying to get it running more comfortably on os x.

on os x there is no iwconfig, and i can't find any other way to create a virtual interface for monitor mode on my wireless interface. so when i want to use monitor mode i need to call pcap_set_rfmon(). here's a snippet from a pcap-only program i was writing:

string interface = "en0";
pcap = pcap_create(interface.c_str(), errbuf);
pcap_set_rfmon(pcap, 1);
pcap_set_snaplen(pcap, 2048);
pcap_set_promisc(pcap, 1);
pcap_set_timeout(pcap, 512);
pcap_activate(pcap);

string filter = "";
struct bpf_program fp;
pcap_compile(pcap, &fp, filter.c_str(), 0, 0);
pcap_setfilter(pcap, &fp);

right now in Sniffer, we're using pcap_open_live(). i looked around and pcap_open_live() is just a wrapper for pcap_create() plus a few other things, and is called an "old api" on the tcpdump mailing list http://seclists.org/tcpdump/2012/q1/15

my idea is to refactor of Sniffer to use pcap_create(), explicitly calling pcap_rfmon(), allowing os x users to use monitor mode.

Hi,

I've traced failures to parse "trivial" dnames in DNS queries to DNS::compose_name.

I've changed ptr into end: (line 330 @ head)
was: if(index < 0x0c || (&records_data[0] + (index - 0x0c)) >= ptr)
now: if(index < 0x0c || (&records_data[0] + (index - 0x0c)) >= end)

Does this make sense to you? I can provide a buffer/PCAP file that re-produces this issue.

Thanks in advance,
Yotam.

Hi everyone,

we now have a new build system. You should have a look at this post in the Google group to read about this.

Cheers,
Matias

Would it be possible to include a pre-compiled 'libtins.a' library with the libtins-latest-win32 archive? Using QT projects with cross-platform intentions require a static Unix library. Including this with the pre-compiled Windows library download would really help.

(Issue changed. See below)

the ICMP::check() conflicts with some kind of built in macro

http://stackoverflow.com/questions/22561189/declaration-does-not-declare-anything-and-expected-unqualified-id

i don't get this when running it with gcc, so it's either llvm causing a bug or some osx headers somewhere. because it's not a public api, i'm going to just rename it to checksum.

DNS SOA records couldnt set also length couldnt calculated correctly

• primary name server
• responsible authority mailbox
• serial number
• refresh interval
• retry interval
• expire limit
• minimum ttl

You can see in below image

I want to retrieve signal stregth (SSI) in dBm from sniffer of libtins, through RadioTap::dbm_signal(), but it gave wrong result (always 0). In fact, in constructor of RadioTap:

RadioTap::RadioTap(const uint8_t *buffer, uint32_t total_sz)

buffer[0x16] contains the correct SSI value.

using libtins 2.0 (libtins2-2.0-1) on Ubuntu 14.10, gcc 4.9.1

BTW: Could you please add a pointer to the raw buffer in PDU?

Hellow Friends
I have problem with using our library on Windows x64 Ultimate and VS 2013

The project compiling is success, bun when i runing examples i get memory leak error
what happen?

when i compile tins in vs i get many waring like this:
Warning 1 warning C4820: '_wfinddata64i32_t' : '4' bytes padding added after data member '_wfinddata64i32_t::attrib' C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\include\wchar.h 119

When I try generating an ICMPv6 header, the checksum that is automatically generated is incorrect.

My code is this

bool print(TCPStream &www){
const RawPDU::payload_type& payload = www.server_payload();
std::cout<<payload.size()<<std::endl;
return true;
}

int main() {
Sniffer eth("eth0");
TCPStreamFollower test = TCPStreamFollower();
test.follow_streams(eth,print);
return 1;
}

And captured the Ubuntu downloading. (http://releases.ubuntu.com/12.04/ubuntu-12.04.4-desktop-i386.iso)

Ubuntu size is more than 700mb. But stop at 20mb.

What is the problem?

I'm trying to use the libtins in openFrameworks (32bit)

Building libtins with cmake ../naturally produces a 64bit library, returning the linker error

ld: warning: ignoring file /usr/local/lib/libtins.dylib, file was built for x86_64 which is not the architecture being linked (i386): /usr/local/lib/libtins.dylib
Undefined symbols for architecture i386:
  "Tins::SnifferConfiguration::SnifferConfiguration()", referenced from:
      ofApp::setup() in ofApp.o
  "Tins::SnifferConfiguration::set_filter(std::string const&)", referenced from:
      ofApp::setup() in ofApp.o
ld: symbol(s) not found for architecture i386

Building libtins withcmake "-DCMAKE_OSX_ARCHITECTURES=i386" ../ instead, then the first warning disappears, indicating that the library is correctly being included, but i still get the linker error:

Undefined symbols for architecture i386:
  "Tins::SnifferConfiguration::set_filter(std::string const&)", referenced from:
      ofApp::setup() in ofApp.o
ld: symbol(s) not found for architecture i386

Any ideas why this won't work?

Hi there.

I've recently become aware of libtins and it seems like and awesome fit for some projects I'm working on. Thanks for your work.

It would be nice though to have support for QinQ and MPLS labels. It seems to me that MPLS might be a little more involved, but QinQ should be fairly straightforward to implement.

Best regards.

Ive been writing a small app using your library which provides airodump-ng type functionality to mac osx .Firstly, awesome library, it was really easy to get going on this application using your beacon sniffer example as a reference. I did however have a couple of questions regarding the RF side of things.

1. Is it possible to choose the RF channel for monitor mode? From my understanding Pcap doesnt provide this functionality, and looking at the source of airmon-ng it seems they use iwconfig which isnt available on Macs. At the moment, my NIC goes into monitor mode on a n arbitrary channel, I think its based on what AP I was previously connected to. So sometime I see 5180(Channel 36) and other time i see 2462 (Channel 11). Is there some way for me to set the Channel on the card?
2. Is the RadioTap data coming directly from the driver? Just trying to get a better understanding of what the range of values I see for db_signal()/dbm_signal() mean.

First off, wanted to say thank you for all the hard work on this library. Certainly beats rolling all this myself.

I'm wondering if there's any means to retain the pcap header timestamps through the sniff_loop execution. It appears (though please correct me if I'm mistaken) that there is no overload to take in a loop functor with a Packet& argument instead of a PDU, and as near as I can tell that effectively makes retrieving the original pcap pkthdr timestamp impossible via the loop api.

There are a few ways I could see solving this with either new loop methods, overloads, or some relatively gnarly SFINAE, but I'm not sure what you'd have in mind.

I am using libtins in a project together with boost::asio (ssl wrapper) amoung some other libraries. If I include tins/tins.h after boost/asio/ssl.hpp I am not able to compile the code. If I include tins first it compiles without any errors.

I am attaching a minimal example with an empty main-block and just the two include lines which reproduces the problem.

My guess is that CERT in the QueryType in libtins dns header collides with the CERT data structure in openssl. Would an enum class or wrapping it in a struct help?

error msg
https://gist.github.com/anonymous/f9642cf29775a4137c0d

 $ g++ ok.cc -ltins -lboost_system -lssl -lcrypto -std=c++11

https://gist.github.com/anonymous/f9b26e298dcf9f2fa47a

$ g++ fails.cc -ltins -lboost_system -lssl -lcrypto -std=c++11

https://gist.github.com/anonymous/37ee0798607d39eeff90

UPDATE:
kernel version: 3.12.37-2
libtins version: 3.1-1
boost version: boost 1.57.0-3
g++ (GCC) 4.9.2 20150204 (prerelease)

I tried to add pull request, but there's no branch for those and pushing a new branch fails with a 403 error - so here goes:

When ICMPv6 checsum is calculated, only calculates to the end of the ICMPv6 PDU.
If there's any payload the checksum will be wrong. Most types don't have a payload (so the checksum is correct), but ICMPv6 pings always have one, so ping6 fails.

Here´s a simple fix.
I guess that "buffer_start + full_sz" could be replaced with "buffer + total_sz" if the total_sz were not modified inside a TINS_DEBUG define.

I also added a few types to the has_options() function. There are surely more (MLD: 130-132?), so maybe a switch/case is the best way to handle all types.

diff --git a/src/icmpv6.cpp b/src/icmpv6.cpp
index 0bbff3e..374795f 100644
--- a/src/icmpv6.cpp
+++ b/src/icmpv6.cpp
@@ -196,6 +196,7 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
     #ifdef TINS_DEBUG
     assert(total_sz >= header_size());
     #endif
+    uint32_t full_sz = total_sz;
     uint8_t *buffer_start = buffer;
     _header.cksum = 0;
     std::memcpy(buffer, &_header, sizeof(_header));
@@ -231,7 +232,7 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
                                 ipv6->dst_addr(), 
                                 size(), 
                                 Constants::IP::PROTO_ICMPV6
-                            ) + Utils::do_checksum(buffer_start, buffer);
+                            ) + Utils::do_checksum(buffer_start, buffer_start + full_sz);
         while (checksum >> 16) 
             checksum = (checksum & 0xffff) + (checksum >> 16);
[2]+  Done                    gitk
guei@ubuntu:~/git/libtins$ git diff src/icmpv6.cpp > file
guei@ubuntu:~/git/libtins$ cat file
diff --git a/src/icmpv6.cpp b/src/icmpv6.cpp
index 0bbff3e..374795f 100644
--- a/src/icmpv6.cpp
+++ b/src/icmpv6.cpp
@@ -196,6 +196,7 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
     #ifdef TINS_DEBUG
     assert(total_sz >= header_size());
     #endif
+    uint32_t full_sz = total_sz;
     uint8_t *buffer_start = buffer;
     _header.cksum = 0;
     std::memcpy(buffer, &_header, sizeof(_header));
@@ -231,7 +232,7 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
                                 ipv6->dst_addr(), 
                                 size(), 
                                 Constants::IP::PROTO_ICMPV6
-                            ) + Utils::do_checksum(buffer_start, buffer);
+                            ) + Utils::do_checksum(buffer_start, buffer_start + full_sz);
         while (checksum >> 16) 
             checksum = (checksum & 0xffff) + (checksum >> 16);
         this->checksum(~checksum);
@@ -239,10 +240,21 @@ void ICMPv6::write_serialization(uint8_t *buffer, uint32_t total_sz, const PDU *
     }
 }

-// can i haz more?
+// sequential: 133 to 137 - or possibly 130 to 137
 bool ICMPv6::has_options() const {
-    return type() == NEIGHBOUR_SOLICIT ||
-            type() == ROUTER_ADVERT;
+    return (ROUTER_SOLICIT <= type() && type() <= REDIRECT);
+//     switch (type())
+//     {
+//     case NEIGHBOUR_SOLICIT:
+//     case NEIGHBOUR_ADVERT:
+//     case ROUTER_SOLICIT:
+//     case ROUTER_ADVERT:
+//     case REDIRECT:
+//         return true;
+//     default:
+//         break;
+//     }
+//     return false;
 }

 void ICMPv6::add_option(const option &option) {

Hi,

We are using libtins library in one of my project. Its simply superb.
We need some following features,

1. In crypto.cpp, is it possible to change private variable to protected in class WPA2Decrypter. So that, if any body wants to derive and over load function "decrypt".
2. Getter and Setter for captured handshakes, so that even if we restart application, we can apply stored handshakes.

If you are okay to make above features from my side, I can do it and send patch to you. you can review and apply patch if its okay. Please throw you thoughts.

Found following issues:

1. In SessionKeys::SessionKeys(const RSNHandshake &hs, const pmk_type &pmk) function, looks like some memory corruption occurring on variable uint8_t MIC[16] because my application getting segment fault when returning from that constructor. If I do malloc, not getting that issue.
2. when trying cross compile source code on gcc version 4.8.3 by enabling C++11, it was not enabling and it is showing error "pcap_get_pfring_id" not found, however we are not using this variable in libtins.
3. If I enable C++11, am getting following errors(I am using GCC version 4.8.3):
   Cross Compile command:

"cmake ../libtins/ -DCMAKE_FIND_ROOT_PATH=/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/ -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY -DCMAKE_CXX_COMPILER=/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/bin/mips-openwrt-linux-uclibc-g++ -DLIBTINS_ENABLE_WPA2=1 -DCMAKE_INSTALL_PREFIX:PATH=/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/ -DLIBTINS_ENABLE_CXX11=1 -DPCAP_INCLUDE_DIR=/home/openwrt/libtins/pcap/install_pcap/include/ -DPCAP_LIBRARY=/home/openwrt/libtins/pcap/install_pcap/lib/"

-- Looking for pcap_get_pfring_id - not found
-- Performing Test _HAS_CXX11_FLAG
-- Performing Test _HAS_CXX11_FLAG - Success
-- Checking C++11 support for "func"
-- Checking C++11 support for "func": not supported
-- Checking C++11 support for "auto"
-- Checking C++11 support for "auto": not supported
-- Checking C++11 support for "auto_ret_type"
-- Checking C++11 support for "auto_ret_type": not supported
-- Checking C++11 support for "class_override_final"
-- Checking C++11 support for "class_override_final": not supported
-- Checking C++11 support for "constexpr"
-- Checking C++11 support for "constexpr": not supported
-- Checking C++11 support for "cstdint"
-- Checking C++11 support for "cstdint": not supported
-- Checking C++11 support for "decltype"
-- Checking C++11 support for "decltype": not supported
-- Checking C++11 support for "initializer_list"
-- Checking C++11 support for "initializer_list": not supported
-- Checking C++11 support for "lambda"
-- Checking C++11 support for "lambda": not supported
-- Checking C++11 support for "long_long"
-- Checking C++11 support for "long_long": not supported
-- Checking C++11 support for "nullptr"
-- Checking C++11 support for "nullptr": not supported
-- Checking C++11 support for "regex"
-- Checking C++11 support for "regex": not supported
-- Checking C++11 support for "rvalue-references"
-- Checking C++11 support for "rvalue-references": not supported
-- Checking C++11 support for "sizeof_member"
-- Checking C++11 support for "sizeof_member": not supported
-- Checking C++11 support for "static_assert"
-- Checking C++11 support for "static_assert": not supported
-- Checking C++11 support for "variadic_templates"
-- Checking C++11 support for "variadic_templates": not supported
CMake Error at CMakeLists.txt:72 (MESSAGE):
C++11 features requested but the compiler does not support them.

I commented out all check points and added "-std=c++11" flag in flags.make file, its working. Am not sure, what went wrong while configuring to enable c++11 features.

Could you please help me to solve above issues.

Please let me know if you need further information.

Thanks and Regards,
Prasad

I've noticed the BaseSniffer class has a get_fd() method that is never called. Would it be possible to create a parameter in the sniffer to control the maximum amount of time it blocks if no packets are received?

What I'd like to achieve is an implementation which handles packets in sniff_loop as they arrive (setting timeout to 0), but which would be able to periodically check for a stop condition if no packets are received.

Thanks in advance.

Would you like to add the configuration script "AX_PTHREAD" to your build specification?

the latest version of xcode doesn't ship with autoconf, you have to install it separately:

curl -OL http://ftpmirror.gnu.org/autoconf/autoconf-2.68.tar.gz
tar -xzf autoconf-2.68.tar.gz
cd autoconf-2.68
./configure
make
sudo make install

this took me a little googling, so i suspect others will run into this too.

I configured using

./configure --enable-c++11 --disable-dot11 --enable-static

I run into this compile error:
https://gist.github.com/dachziegel/aee04e5eb6bb129eb26f

Ubuntu 12.04 64bit
GCC 4.8.1

If i compile this as .so then it'll work in ip packet parsing?

Hello,

First of all, thanks for this good library! It can make my life much easier.

My question is, is it possible that you modify the payload of a packet before it gets sent in sniffer mode? If I want to do packet injection, can I leverage this library? If so, might you give an example?

Thanks a lot!

i wanted to be able to do something like this:

PDU *cur = &pdu;
while(cur) {
    cout << cur->pdu_type() << " ";
    cur = cur->inner_pdu();
}

to get an idea for the structure of a PDU. to make the output more useful i added this function, which might be helpful in the utils. or, there might be a feature of c++11 i don't know about... :)

std::ostream& operator<<(std::ostream& out, const PDU::PDUType value){
    const char* s = 0;
#define ENUM_TEXT(p) case(PDU::p): s = #p; break;
    switch(value){
        ENUM_TEXT(RAW);
        ENUM_TEXT(ETHERNET_II);
        ENUM_TEXT(IEEE802_3);
        ENUM_TEXT(RADIOTAP);
        ENUM_TEXT(DOT11);
        ENUM_TEXT(DOT11_ACK);
        ENUM_TEXT(DOT11_ASSOC_REQ);
        ENUM_TEXT(DOT11_ASSOC_RESP);
        ENUM_TEXT(DOT11_AUTH);
        ENUM_TEXT(DOT11_BEACON);
        ENUM_TEXT(DOT11_BLOCK_ACK);
        ENUM_TEXT(DOT11_BLOCK_ACK_REQ);
        ENUM_TEXT(DOT11_CF_END);
        ENUM_TEXT(DOT11_DATA);
        ENUM_TEXT(DOT11_CONTROL);
        ENUM_TEXT(DOT11_DEAUTH);
        ENUM_TEXT(DOT11_DIASSOC);
        ENUM_TEXT(DOT11_END_CF_ACK);
        ENUM_TEXT(DOT11_MANAGEMENT);
        ENUM_TEXT(DOT11_PROBE_REQ);
        ENUM_TEXT(DOT11_PROBE_RESP);
        ENUM_TEXT(DOT11_PS_POLL);
        ENUM_TEXT(DOT11_REASSOC_REQ);
        ENUM_TEXT(DOT11_REASSOC_RESP);
        ENUM_TEXT(DOT11_RTS);
        ENUM_TEXT(DOT11_QOS_DATA);
        ENUM_TEXT(LLC);
        ENUM_TEXT(SNAP);
        ENUM_TEXT(IP);
        ENUM_TEXT(ARP);
        ENUM_TEXT(TCP);
        ENUM_TEXT(UDP);
        ENUM_TEXT(ICMP);
        ENUM_TEXT(BOOTP);
        ENUM_TEXT(DHCP);
        ENUM_TEXT(EAPOL);
        ENUM_TEXT(RC4EAPOL);
        ENUM_TEXT(RSNEAPOL);
        ENUM_TEXT(DNS);
        ENUM_TEXT(LOOPBACK);
        ENUM_TEXT(IPv6);
        ENUM_TEXT(ICMPv6);
        ENUM_TEXT(SLL);
        ENUM_TEXT(DHCPv6);
        ENUM_TEXT(DOT1Q);
        ENUM_TEXT(PPPOE);
        ENUM_TEXT(STP);
        ENUM_TEXT(PPI);
        ENUM_TEXT(IPSEC_AH);
        ENUM_TEXT(IPSEC_ESP);
        ENUM_TEXT(USER_DEFINED_PDU);
    }
#undef ENUM_TEXT
    return out << s;
}

Sniffer is working without any issues however, the timeout configuration does not end the sniffer.

using namespace Tins;
bool callback(const PDU &pdu) {
    const RawPDU &data = pdu.rfind_pdu<RawPDU>();
    const RawPDU::payload_type& payload = data.payload();
    return true;
}

int main() {
    SnifferConfiguration config;
    config.set_timeout(5);
    Sniffer("lo", config).sniff_loop(callback, 1);
    return 0;
}