Closed Belippo closed 1 year ago
This was also a problem in jNetPcap v1 at one point. I will look into it right away:
https://sourceforge.net/p/jnetpcap/bugs/116/
V2 is different, we don't compile anything and rely on FF to resolve all symbols. Its likely another native library needs to be loaded or is not found besides libpcap.so
Can you run the command:
Starship:/usr/lib/x86_64-linux-gnu> ldd libpcap.so
linux-vdso.so.1 (0x00007fff25085000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007efe28000000)
libdbus-1.so.3 => /lib/x86_64-linux-gnu/libdbus-1.so.3 (0x00007efe282f2000)
/lib64/ld-linux-x86-64.so.2 (0x00007efe283ae000)
libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007efe2822b000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007efe27fd5000)
libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007efe27f06000)
liblz4.so.1 => /lib/x86_64-linux-gnu/liblz4.so.1 (0x00007efe27ee6000)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2 (0x00007efe27edb000)
libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007efe27d9d000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007efe27d77000)
on your linux system so I can compare your linked/found dependencies?
└─# ldd libpcap.so
linux-vdso.so.1 (0x00007fff3238d000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f011d9a5000)
libdbus-1.so.3 => /lib/x86_64-linux-gnu/libdbus-1.so.3 (0x00007f011d94f000)
/lib64/ld-linux-x86-64.so.2 (0x00007f011dbea000)
libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f011d880000)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2 (0x00007f011d874000)
libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f011d72d000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f011d6fc000)
libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007f011d640000)
liblz4.so.1 => /lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f011d61a000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f011d5f2000)
Erro i got in detail:
/usr/lib/jvm/java-17-openjdk-amd64/bin/java: symbol lookup error: /usr/lib/libjnetpcap.so: undefined symbol: mac_addr_dlpi
Are you compiling from source or using the downloadable binary?
If you make the change in jnetpcaputils.cpp file (around line 612):
#if defined(Linux) || defined(HPUX) || defined(AIX) || defined(DARWIN) || \
defined(FREE_BSD) || defined(NET_BSD) || defined(OPEN_BSD) || \
defined(__APPLE__) || defined(__linux__) || defined(__unix__)
mac_addr_sys(buf, mac);
#else
mac_addr_dlpi(buf, mac);
#endif
That should fix it. I will test it and check in the changes.
Also I encourage you to move on from V1 and try jNetPcap v2 going forward.
I'am using the downloadable binary, how can i add that lines?
It has to be recompiled or DLPI stream package added. This is supported on SysV unixes as far as I remember.
Oh no! There is no the .so with that fix?
The latest one should be linked properly. I'm not sure what the issue is yet or why.
I'am using the jnetpcap-1.4.r1425-1.linux64.x86_64.tgz .so . Where can i find the latest one?
Still checking, its working on my system with r1425.
I just ran the PcapSendPacketExample using jnetpcap-1.4.r1425-1.linux64.x86_64.tgz
package and it works.
Make sure that you your LD_LIBRARY_PATH is pointing at the right jnetpcap and not some SysV variant.
When I run the example, it properly resolves the PcapIf interface (which is where the error is occuring) and then it sends the bogus packet which I can capture with wireshark:
Copy of the example found in the /examples/java directory in root jnetpcap install package:
public class PcapSendPacketExample {
public static void main(String[] args) {
List<PcapIf> alldevs = new ArrayList<PcapIf>(); // Will be filled with NICs
StringBuilder errbuf = new StringBuilder(); // For any error msgs
/***************************************************************************
* First get a list of devices on this system
**************************************************************************/
int r = Pcap.findAllDevs(alldevs, errbuf);
if (r == Pcap.NOT_OK || alldevs.isEmpty()) {
System.err.printf("Can't read list of devices, error is %s", errbuf
.toString());
return;
}
PcapIf device = alldevs.stream()
.filter(d -> d.getName().equals("enp0s25"))
.findAny().orElseThrow(IllegalStateException::new); // We know we have atleast 1 device
System.out.printf("Opening device: %s%n", device.getName());
/***************************************************************************
* Second we open a network interface
**************************************************************************/
int snaplen = 64 * 1024; // Capture all packets, no trucation
int flags = Pcap.MODE_PROMISCUOUS; // capture all packets
int timeout = 10 * 1000; // 10 seconds in millis
Pcap pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errbuf);
if (pcap == null) {
System.err.println(errbuf);
System.exit(1);
}
/***************************************************************************
* Third we create our crude packet we will transmit out This creates a
* broadcast packet
**************************************************************************/
byte[] a = new byte[14];
Arrays.fill(a, (byte) 0xff);
ByteBuffer b = ByteBuffer.wrap(a);
/***************************************************************************
* Fourth We send our packet off using open device
**************************************************************************/
if (pcap.sendPacket(b) != Pcap.OK) {
System.err.println(pcap.getErr());
}
/***************************************************************************
* Lastly we close
**************************************************************************/
pcap.close();
}
}
Also make sure your have SUDO privileges to the network interface. Set that up with the following:
sudo setcap cap_net_raw,cap_net_admin=eip $JAVA_HOME/bin/java
And the target can not be a link for JDK8 you may have to use path $JAVA_HOME/jre/bin/java
, if the first doesn't work.
i think it's pointing to the right jnetpcap, i installed only that ,indeed if i try to delete libjnetpcap.so in /usr/lib i got "Unsatisfied link error".
I have tried sudo setcap cap_net_raw,cap_net_admin=eip /usr/lib/jvm/java-17-openjdk-amd64/bin/java
but it doesn't work
I also tried on WSL kali linux and on another machine with parrotOSx64 and i got the same issue
I'm still looking
Can you also do the same thing on jnetpcap shared library:
Starship:~/lib/jnetpcap-1.4.r1425-1.linux64.x86_64/jnetpcap-1.4.r1425> ldd libjnetpcap.so
linux-vdso.so.1 (0x00007ffe06302000)
libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f701f400000)
libpcap.so => /lib/x86_64-linux-gnu/libpcap.so (0x00007f701fae7000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f701f000000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f701f719000)
/lib64/ld-linux-x86-64.so.2 (0x00007f701fb55000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f701fac7000)
libdbus-1.so.3 => /lib/x86_64-linux-gnu/libdbus-1.so.3 (0x00007f701f6cb000)
libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f701f339000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f701f6a0000)
libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007f701f26a000)
liblz4.so.1 => /lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f701f680000)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2 (0x00007f701faba000)
libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f701eec2000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f701f65a000)
I'm just trying to see what is different between your install and our labs.
Ok, I am able to reproduce the error now. Its not your installation but the .so file compiled with the wrong flags. I missed that you were using PcapUtils.getHardwareAddress()
call, which does reproduce the error:
/usr/lib/jvm/java-8-openjdk-amd64/bin/java: symbol lookup error: ~/lib/jnetpcap-1.4.r1425-1.linux64.x86_64/jnetpcap-1.4.r1425/libjnetpcap.so: undefined symbol: mac_addr_dlpi
Also the symbol is clearely defined and not linked:
Starship:~/lib/jnetpcap-1.4.r1425-1.linux64.x86_64/jnetpcap-1.4.r1425> nm libjnetpcap.so | grep mac_addr
U mac_addr_dlpi
0000000000019c38 T mac_addr_sys
Lastly, this ticket belongs under https://github.com/slytechs-repos/jnetpcap-legacy.
I'll transerfer the ticket to the correct project/repo.
Oh ok. So should you correct and recompile to fix the bug?
I'm having trouble recompiling from source right now. I am not sure you would have any more luck. Its been many years since I've had to touch this code, but it needs to be done/refreshed for latest everything.
For now I would suggest you no use PcapUtils.getHardwareAddress and use the JDK API https://docs.oracle.com/javase/7/docs/api/java/net/NetworkInterface.html#getHardwareAddress() until I fix this.
Ok without that function it works! Thank you, i really appreciate your support, so available...Keep it up. JNETPcap is the only updated API in java as i see. As final user i can suggest to provide high level method to craft and send packets. Keep me update if you can recompile
provide high level method to craft and send packets
This functionality is coming, again in jNetPcap Pro.
jNetPcap v2 module is pure libpcap functionality. jNetPcap Pro is the high level protocol extension to jNetPcap which adds all of the higher level functionality. This separation allows greater stability for the libpcap API and to be independent of new features which are provided by the rest of the modules.
The jNetPcap v1 (legacy) is only supported for bug fixes and won't get any additional features. When you can, I would suggest you start integrating with v2 API.
I hope that explains it.
Jnetpcap v1.4 works well in windows but when i run the same code (i send a simple syn tcp packet) in Linux amd64 i got the error:
Undefined symbol: mac_addr_dlpi