Difference between pages "AFF Development Task List" and "Libdnet"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(High Priority: - The library does not compile on 64-bit versions of Fedora Core 7 Linux.)
 
(References)
 
Line 1: Line 1:
== High Priority ==
+
== Abstract ==
  
* The library does not compile on 64-bit versions of Fedora Core 7 Linux.
+
* libdnet provides a simplified, portable interface to several low-level networking routines, including
 +
* network address manipulation
 +
* kernel arp(4) cache and route(4) table lookup and manipulation
 +
* network firewalling (IP filter, ipfw, ipchains, pf, PktFilter, ...)
 +
* network interface lookup and manipulation
 +
* IP tunnelling (BSD/Linux tun, Universal TUN/TAP device)
 +
* raw IP packet and Ethernet frame transmission
  
* Create man pages and/or documentation for AFF toolkit. To wit:
+
== Supported languages ==
  
* [[aimage]]
+
* C, C++
* [[ident]]
+
* Python
* [[afcat]]
+
* Perl, Ruby (see below)
* [[afcompare]]
+
* [[afconvert]]
+
* [[affix]]
+
* [[affuse]]
+
* [[afinfo]]
+
* [[afstats]]
+
* [[afxml]]
+
* [[afsegment]]
+
  
* Add a usage description to [[afcat]]. When run with no arguments the output should say what the program does.
+
== Supported platforms ==
  
* Create man pages and/or documentation for AFF library functions (e.g. ,<tt>af_open</tt>, <tt>af_get_imagesize</tt>)
+
* BSD (OpenBSD, FreeBSD, NetBSD, BSD/OS)
 +
* Linux (Redhat, Debian, Slackware, etc.)
 +
* MacOS X
 +
* Windows (NT/2000/XP)
 +
* Solaris
 +
* IRIX
 +
* HP-UX
 +
* Tru64
  
* Build library as a shared library using libtool. This will allow developers using the library to just link to the AFF. Without it, developers must link to the static library and the individual libraries necessary <em>on that machine</em>. There is no good way to determine those extra libraries.
+
== External Links ==
 +
* [http://search.cpan.org/~vman/Net-Libdnet-0.01/ Net::Libdnet] - Perl interface to libdnet
 +
* [http://www.shmoo.com/~bmc/software/ruby/ruby-dnet/ dnet.rb] - Ruby interface to libdnet
 +
* [http://www.tcpdump.org/ libpcap] - portable packet capture library
 +
* [http://winpcap.polito.it/ winpcap] - libpcap for Windows
 +
* [http://monkey.org/~dugsong/pypcap/ pypcap] - libpcap Python module
 +
* [http://monkey.org/~dugsong/dpkt/ dpkt] - fast, simple packet creation and parsing in Python
 +
* [http://www.packetfactory.net/projects/libnet/ libnet] - packet construction library
 +
* [http://www.hsc.fr/ressources/outils/pktfilter/index.html.en PktFilter] - win32 service to configure the IPv4 filtering driver in Windows 2000/XP/Server 2003
 +
* [http://vtun.sourceforge.net/tun/ Universal TUN/TAP driver] - virtual point-to-point network tunnel device
 +
* [http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ TUN/TAP driver for MacOS X]
 +
* [http://libdnet.sourceforge.net/tun-1.1-sol80.sparc64.gz Tunnel driver for Solaris 8 (sparc64)]
  
* Document that <tt>af_write</tt> may not be called without first setting the <tt>image_pagesize</tt> value inside of the <tt>AFFILE</tt> structure. Not doing so causes a divide by zero error. Perhaps we should 1. Check that <tt>image_pagesize</tt> is not zero and 2. Set <tt>image_pagesize</tt> to a known good default value when opening a new AFF file for writing.
+
== References ==
  
* Check aimage ability to write a file of 1,073,741,825 bytes ((2**30)+1). Correctly reported reading/writing a file that was a 1,073,741,824 random byte stream, but did not pick up the extra byte when it was added to the file. ls -la correctly shows the size with the extra byte. Also, added 42 additional bytes which were not apparently read or written.  UPDATE - With 511 bytes added, still didn't read/write full file, however, adding 512 bytes did cause the whole file (1,073,742,336 bytes) to be read/written.
+
All information on this page can be found at [http://libdnet.sourceforge.net/ libdnet.sourceforge.net] and is credited to Dug Song - dugsong+libdnet@monkey.org
 
+
== Medium Priority ==
+
 
+
* How about renaming the library to libaff? That would allow developers to link with <tt>-laff</tt> instead of <tt>-lafflib</tt>. To my knowledge, there is no existing library named AFF already.
+
:: Response: The problem with doing this is that we have AFFLIB.ORG; AFF.ORG is the Arab Film Festival.
+
 
+
* Is there a set of segment names that must be defined to have a ''valid'' AFF file?
+
 
+
* Document that <tt>af_open</tt> (when writing a file) does more than a standard <tt>fopen</tt> command. The command writes an AFF stub of some kind to the output file. Users should be cautioned not to use this function as a test, lest they overwrite data.
+
 
+
* Does <tt>af_open</tt> refuse to open a file for writing if it already exists? If so, what kind of error does it return?
+
 
+
* Document how to programmatically enumerate all segments and values in a file. That is, explain how to get the output of <tt>$ afinfo -a</tt>.
+
 
+
== Low Priority ==
+
 
+
* Add library function to open standard input. Perhaps:
+
 
+
<pre>AFFILE * af_open_stdin(void);</pre>
+

Latest revision as of 16:11, 13 March 2013

Contents

Abstract

  • libdnet provides a simplified, portable interface to several low-level networking routines, including
  • network address manipulation
  • kernel arp(4) cache and route(4) table lookup and manipulation
  • network firewalling (IP filter, ipfw, ipchains, pf, PktFilter, ...)
  • network interface lookup and manipulation
  • IP tunnelling (BSD/Linux tun, Universal TUN/TAP device)
  • raw IP packet and Ethernet frame transmission

Supported languages

  • C, C++
  • Python
  • Perl, Ruby (see below)

Supported platforms

  • BSD (OpenBSD, FreeBSD, NetBSD, BSD/OS)
  • Linux (Redhat, Debian, Slackware, etc.)
  • MacOS X
  • Windows (NT/2000/XP)
  • Solaris
  • IRIX
  • HP-UX
  • Tru64

External Links

References

All information on this page can be found at libdnet.sourceforge.net and is credited to Dug Song - dugsong+libdnet@monkey.org