1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
|
/*
* netsniff-ng - the packet sniffing beast
* Copyright 2014 Tobias Klauser.
* Subject to the GPL, version 2.
*/
#include <stdio.h>
#include <unistd.h>
#include <limits.h>
#include <libgen.h>
#include <netlink/msg.h>
#include "pkt_buff.h"
#include "proto.h"
#include "protos.h"
static const char *nlmsg_family2str(uint16_t family)
{
switch (family) {
case NETLINK_ROUTE: return "routing";
case NETLINK_UNUSED: return "unused";
case NETLINK_USERSOCK: return "user-mode socket";
case NETLINK_FIREWALL: return "unused, formerly ip_queue";
/* NETLINK_INET_DIAG was renamed to NETLINK_SOCK_DIAG in Linux kernel 3.10 */
#if defined(NETLINK_SOCK_DIAG)
case NETLINK_SOCK_DIAG: return "socket monitoring";
#elif defined(NETLINK_INET_DIAG)
case NETLINK_INET_DIAG: return "INET socket monitoring";
#endif
case NETLINK_NFLOG: return "netfilter ULOG";
case NETLINK_XFRM: return "IPsec";
case NETLINK_SELINUX: return "SELinux event notification";
case NETLINK_ISCSI: return "Open-iSCSI";
case NETLINK_AUDIT: return "auditing";
case NETLINK_FIB_LOOKUP: return "FIB lookup";
case NETLINK_CONNECTOR: return "Kernel connector";
case NETLINK_NETFILTER: return "Netfilter";
case NETLINK_IP6_FW: return "unused, formerly ip6_queue";
case NETLINK_DNRTMSG: return "DECnet routing";
case NETLINK_KOBJECT_UEVENT: return "Kernel messages";
case NETLINK_GENERIC: return "Generic";
case NETLINK_SCSITRANSPORT: return "SCSI transports";
case NETLINK_ECRYPTFS: return "ecryptfs";
case NETLINK_RDMA: return "RDMA";
case NETLINK_CRYPTO: return "Crypto layer";
default: return "Unknown";
}
}
static const char *nlmsg_rtnl_type2str(uint16_t type)
{
switch (type) {
case RTM_NEWLINK: return "new link";
case RTM_DELLINK: return "del link";
case RTM_GETLINK: return "get link";
case RTM_SETLINK: return "set link";
case RTM_NEWADDR: return "new addr";
case RTM_DELADDR: return "del addr";
case RTM_GETADDR: return "get addr";
case RTM_NEWROUTE: return "new route";
case RTM_DELROUTE: return "del route";
case RTM_GETROUTE: return "get route";
case RTM_NEWNEIGH: return "new neigh";
case RTM_DELNEIGH: return "del neigh";
case RTM_GETNEIGH: return "get neigh";
case RTM_NEWRULE: return "new rule";
case RTM_DELRULE: return "del rule";
case RTM_GETRULE: return "get rule";
case RTM_NEWQDISC: return "new tc qdisc";
case RTM_DELQDISC: return "del tc qdisc";
case RTM_GETQDISC: return "get tc qdisc";
case RTM_NEWTCLASS: return "new tc class";
case RTM_DELTCLASS: return "del tc class";
case RTM_GETTCLASS: return "get tc class";
case RTM_NEWTFILTER: return "new tc filter";
case RTM_DELTFILTER: return "del tc filter";
case RTM_GETTFILTER: return "get tc filter";
case RTM_NEWACTION: return "new tc action";
case RTM_DELACTION: return "del tc action";
case RTM_GETACTION: return "get tc action";
case RTM_NEWPREFIX: return "new prefix";
case RTM_GETMULTICAST: return "get mcast addr";
case RTM_GETANYCAST: return "get anycast addr";
case RTM_NEWNEIGHTBL: return "new neigh table";
case RTM_GETNEIGHTBL: return "get neigh table";
case RTM_SETNEIGHTBL: return "set neigh table";
case RTM_NEWNDUSEROPT: return "new ndisc user option";
case RTM_NEWADDRLABEL: return "new addr label";
case RTM_DELADDRLABEL: return "del addr label";
case RTM_GETADDRLABEL: return "get addr label";
case RTM_GETDCB: return "get data-center-bridge";
case RTM_SETDCB: return "set data-center-bridge";
#if defined(RTM_NEWNETCONF)
case RTM_NEWNETCONF: return "new netconf";
case RTM_GETNETCONF: return "get netconf";
#endif
#if defined(RTM_NEWMDB)
case RTM_NEWMDB: return "new bridge mdb";
case RTM_DELMDB: return "del bridge mdb";
case RTM_GETMDB: return "get bridge mdb";
#endif
default: return NULL;
}
}
static char *nlmsg_type2str(uint16_t proto, uint16_t type, char *buf, int len)
{
if (proto == NETLINK_ROUTE && type < RTM_MAX) {
const char *name = nlmsg_rtnl_type2str(type);
if (name) {
strncpy(buf, name, len);
return buf;
}
}
return nl_nlmsgtype2str(type, buf, len);
}
static void nlmsg(struct pkt_buff *pkt)
{
struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr));
char type[32];
char flags[128];
char procname[PATH_MAX];
if (hdr == NULL)
return;
/* Look up the process name if message is not coming from the kernel.
*
* Note that the port id is not necessarily equal to the PID of the
* receiving process (e.g. if the application is multithreaded or using
* multiple sockets). In these cases we're not able to find a matching
* PID and the information will not be printed.
*/
if (hdr->nlmsg_pid != 0) {
char path[1024];
int ret;
snprintf(path, sizeof(path), "/proc/%u/exe", hdr->nlmsg_pid);
ret = readlink(path, procname, sizeof(procname) - 1);
if (ret < 0)
ret = 0;
procname[ret] = '\0';
} else
snprintf(procname, sizeof(procname), "kernel");
tprintf(" [ NLMSG ");
tprintf("Family %d (%s%s%s), ", ntohs(pkt->proto), colorize_start(bold),
nlmsg_family2str(ntohs(pkt->proto)), colorize_end());
tprintf("Len %u, ", hdr->nlmsg_len);
tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type,
colorize_start(bold),
nlmsg_type2str(ntohs(pkt->proto), hdr->nlmsg_type, type,
sizeof(type)), colorize_end());
tprintf("Flags 0x%.4x (%s%s%s), ", hdr->nlmsg_flags,
colorize_start(bold),
nl_nlmsg_flags2str(hdr->nlmsg_flags, flags, sizeof(flags)),
colorize_end());
tprintf("Seq-Nr %u, ", hdr->nlmsg_seq);
tprintf("PID %u", hdr->nlmsg_pid);
if (procname[0])
tprintf(" (%s%s%s)", colorize_start(bold), basename(procname),
colorize_end());
tprintf(" ]\n");
}
static void nlmsg_less(struct pkt_buff *pkt)
{
struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr));
char type[32];
if (hdr == NULL)
return;
tprintf(" NLMSG Family %d (%s%s%s), ", ntohs(pkt->proto), colorize_start(bold),
nlmsg_family2str(ntohs(pkt->proto)), colorize_end());
tprintf("Type %u (%s%s%s)", hdr->nlmsg_type, colorize_start(bold),
nlmsg_type2str(ntohs(pkt->proto), hdr->nlmsg_type, type,
sizeof(type)), colorize_end());
}
struct protocol nlmsg_ops = {
.print_full = nlmsg,
.print_less = nlmsg_less,
};
|
