packetkit

Cargo.toml

@@ -1,13 +1,31 @@
 [package]
 name = "packetkit"
-version = "0.1.0"
+version = "1.0.0"
+description = "Rust Packet Sniffer"
+authors = ["krisna pranav"]
+license = "GPL-3.0"
+repository = "https://github.com/krishpranav/packetkit"
+categories = ["command-line-utilities"]
+readme = "README.md"
+exclude = ["pcaps/**/*", "**/*.pcap"]
 edition = "2018"
 
+[package.metadata.deb]
+license-file = [ "LICENSE" ]
+extended-description = """\
+packetkit is a network sniffer written in rust. Network packets are parsed \
+concurrently using a thread pool to utilize all cpu cores. Project goals are \
+that you can run packetkit securely on untrusted networks and that it must \
+not crash when processing packets. The output should be as useful as possible \
+by default.\
+"""
+depends = "$auto"
+section = "net"
+priority = "optional"
+
 [lib]
 doc = false
 
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
 [dependencies]
 structopt = "0.3"
 anyhow = "1"
@@ -39,4 +57,4 @@ syscallz = "0.15"
 #syscallz = { path="../syscallz-rs" }
 
 [dev-dependencies]
-boxxy = "0.11"
+boxxy = "0.11"

README.md

@@ -34,4 +34,4 @@ $ packetkit -vvvv en0
 packetkit is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores.
 Project goals are that you can run packetkit securely on untrusted networks and that it must not crash when processing packets.
 The output should be as useful as by default.
-```
+```

benches/bench.rs

@@ -124,4 +124,4 @@ mod tests {
             centrifuge::parse_eth(&pkt).ok();
         });
     }
-}
+}

ci/Dockerfile

@@ -0,0 +1,7 @@
+FROM rust:latest
+ARG TARGET
+WORKDIR /app
+COPY . .
+RUN rustup install "stable-$TARGET" \
+    && rustup target add "$TARGET"
+RUN ci/setup.sh linux

ci/boxxy_stage0.txt

@@ -0,0 +1 @@
+cat README.md

ci/boxxy_stage1.txt

@@ -0,0 +1,2 @@
+stage1
+cat README.md

ci/boxxy_stage2.txt

@@ -0,0 +1,3 @@
+stage1
+stage2
+cat README.md

ci/build.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+set -ex
+
+case "$TARGET" in
+    aarch64-unknown-linux-gnu)
+        export RUSTFLAGS="-C linker=aarch64-linux-gnu-gcc-6"
+        ;;
+esac
+
+case "$BUILD_MODE" in
+    release)
+        cargo build --verbose --release --target="$TARGET"
+        ls -lah "target/$TARGET/release/packetkit"
+        file "target/$TARGET/release/packetkit"
+        ;;
+    boxxy)
+        cargo build --verbose --examples
+        ;;
+    reprotest)
+        docker build -t reprotest-packetkit -f docs/Dockerfile.reprotest .
+        ;;
+    cross)
+        docker build --build-arg TARGET="$TARGET" -t "packetkit-test-$TARGET" -f ci/Dockerfile .
+        # restart this script but inside the container and without BUILD_MODE=cross
+        docker run -e TARGET="$TARGET" "packetkit-test-$TARGET" ci/build.sh
+        ;;
+esac

ci/reprotest.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+set -xue
+
+# tested with rustc 1.22.1 and cargo 0.23.0
+
+# by default, the build folder is located in /tmp, which is a tmpfs. The target/ folder
+# can become quite large, causing the build to fail if we don't have enough RAM.
+export TMPDIR="$HOME/tmp/repro-test"
+mkdir -p "$TMPDIR"
+
+reprotest -vv --vary=-time,-domain_host --source-pattern 'Cargo.* src/' '
+    CARGO_HOME="$PWD/.cargo" RUSTUP_HOME='"$HOME/.rustup"' \
+        RUSTFLAGS="--remap-path-prefix=$HOME=/remap-home --remap-path-prefix=$PWD=/remap-pwd" \
+        cargo build --release --verbose' \
+    target/release/packetkit

ci/setup.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+set -ex
+
+case "$1" in
+    linux)
+        if [ -z "$TRAVIS" ]; then
+            case "$TARGET" in
+                aarch64-unknown-linux-gnu)
+                    dpkg --add-architecture arm64
+                    ;;
+                i686-unknown-linux-gnu)
+                    dpkg --add-architecture i386
+                    ;;
+            esac
+        fi
+
+        apt-get -q update
+
+        if [ -n "$TRAVIS" ]; then
+            # update docker
+            apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
+        fi
+
+        case "$TARGET" in
+            x86_64-unknown-linux-gnu)
+                apt-get install -qy \
+                    libpcap-dev \
+                    libseccomp-dev
+                ;;
+            aarch64-unknown-linux-gnu)
+                if [ -z "$TRAVIS" ]; then
+                    apt-get install -qy gcc-6-aarch64-linux-gnu \
+                        libpcap0.8-dev:arm64 \
+                        libseccomp-dev:arm64
+                fi
+                ;;
+            i686-unknown-linux-gnu)
+                if [ -z "$TRAVIS" ]; then
+                    apt-get install -qy gcc-multilib \
+                        libpcap0.8-dev:i386 \
+                        libseccomp-dev:i386
+                fi
+                ;;
+            *)
+                echo "UNKNOWN TARGET: $TARGET"
+                exit 1
+                ;;
+        esac
+        ;;
+esac

ci/test.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+set -ex
+
+case "$BUILD_MODE" in
+    release)
+        RUST_LOG=packetkit target/$TARGET/release/packetkit -r pcaps/SkypeIRC.pcap > /dev/null
+        ;;
+    boxxy)
+        if ! cat ci/boxxy_stage0.txt | RUST_LOG=boxxy cargo run --example boxxy | grep -q 'cargo run --example boxxy'; then
+            echo SANDOX ERROR: expected match
+            exit 1
+        fi
+
+        if ! cat ci/boxxy_stage1.txt | RUST_LOG=boxxy cargo run --example boxxy | grep -q 'cargo run --example boxxy'; then
+            echo SANDOX ERROR: expected match
+            exit 1
+        fi
+
+        if cat ci/boxxy_stage2.txt | RUST_LOG=boxxy cargo run --example boxxy | grep -q 'cargo run --example boxxy'; then
+            echo SANDOX ERROR: expected NO match
+            exit 1
+        fi
+        ;;
+    reprotest)
+        docker run --privileged reprotest-packetkit ci/reprotest.sh || true
+        ;;
+    cross)
+        # do not execute tests when cross compiling
+        ;;
+esac

docs/packetkit.1

@@ -0,0 +1,135 @@
+.TH packetkit "1" "May 2020" "packetkit 0.11.1" "User Commands"
+.SH NAME
+packetkit \- secure multithreaded packet sniffer
+
+.SH SYNOPSIS
+.B packetkit
+[\fB\-vrpVh\fR]
+[\fB\-n <threads>\fR]
+.IR device
+
+.SH DESCRIPTION
+.B packetkit
+is a network sniffer written in rust. Network packets are parsed concurrently
+using a thread pool to utilize all cpu cores. Project goals are that you can
+run \fBpacketkit\fR securely on untrusted networks and that it must not crash
+when processing packets. The output should be as useful as possible by default.
+
+.SH OPTIONS
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+Increase filter sensitivity to show more (possibly less useful) packets.
+The default only shows few packets, this flag can be specified multiple times. (maximum: 4)
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Prints help information
+.TP
+\fB\-p\fR, \fB\-\-promisc\fR
+Set \fIdevice\fR to promiscuous mode
+.TP
+\fB\-r\fR, \fB\-\-read\fR
+Open \fIdevice\fR as pcap file
+.TP
+\fB\-n\fR, \fB\-\-threads\fR \fIthreads\fR
+Specify the number of threads
+.TP
+\fB\-V\fR, \fB\-\-version\fR
+Prints version information. If \fB\-r\fR was specified, open as pcap file
+instead
+
+.SH EXAMPLES
+.LP
+Sniff with default filters (dhcp, dns, tls, http) from \fIenp0s25\fR:
+.RS
+.nf
+\fBpacketkit enp0s25\fP
+.fi
+.RE
+.LP
+Increase the filter sensitivity (arp):
+.RS
+.nf
+\fBpacketkit -v enp0s25\fP
+.fi
+.RE
+.LP
+Increase the filter sensitivity (cjdns, ssdp, dropbox, packets with valid utf8)
+.RS
+.nf
+\fBpacketkit -vv enp0s25\fP
+.fi
+.RE
+.LP
+Almost everything
+.RS
+.nf
+\fBpacketkit -vvv enp0s25\fP
+.fi
+.RE
+.LP
+Everything
+.RS
+.nf
+\fBpacketkit -vvvv enp0s25\fP
+.fi
+.RE
+.LP
+Read a dump from \fIsniff.pcap\fR, with increased filter sensitivity and decode packets with 1 thread:
+.RS
+.nf
+\fBpacketkit -vvrn1 sniff.pcap\fP
+.fi
+.RE
+
+.SH PROTOCOLS
+.BR "ethernet,"
+.BR "ipv4,"
+.BR "ipv6,"
+.BR "arp,"
+.BR "tcp,"
+.BR "udp,"
+.BR "http,"
+.BR "tls,"
+.BR "dns,"
+.BR "dhcp,"
+.BR "cjdns eth beacons,"
+.BR "ssdp,"
+.BR "dropbox beacons"
+
+.SH SECURITY
+To report a security issue please contact packetkit on github issues.
+
+.SS SECCOMP
+.LP
+To ensure a compromised process doesn't compromise the system, packetkit uses
+seccomp to restrict the syscalls that can be used after the process started.
+This is done in two stages, first at the very beginning (directly after
+env\_logger initialized) and once after the sniffer has been setup, but before
+packets are read from the network.
+
+.SS HARDENING
+.LP
+During the second stage, there's also some general hardening that is applied
+before all unneeded syscalls are finally disabled. Those are system specific,
+so a configuration file is read from \fB/etc/packetkit.conf\fR. This config
+file specifies an empty directory for \fBchroot\fR and an unprivileged account
+in \fBuser\fR that is used to drop root privileges.
+
+.SS FUZZING
+.LP
+The packet processing of \fBpacketkit\fR can be fuzzed using \fIcargo-fuzz\fR.
+Everything you should need is provided in the \fIfuzz/\fR directory that is
+distributed along with its source code. Please note that this program links
+to \fIlibpcap\fR which is not included in the current fuzzing configuration.
+
+.SH "SEE ALSO"
+.BR pcap(3PCAP),
+.BR seccomp(2)
+
+.SH AUTHORS
+This program was originally written and is currently maintained by packetkit.
+Bug reports and patches are welcome on github:
+.LP
+.RS
+.I https://github.com/krishpranav/packetkit
+.RE

examples/boxxy.rs

@@ -27,4 +27,4 @@ fn main() {
             ("stage2", stage2),
         ]);
     boxxy::Shell::new(toolbox).run()
-}
+}

examples/read_packet.rs

@@ -14,4 +14,4 @@ fn main() {
         let packet = packetkit::centrifuge::parse_eth(&bytes);
         println!("{:?}", packet);
     }
-}
+}

fuzz/.gitignore

@@ -0,0 +1,4 @@
+
+target
+corpus
+artifacts