netsniff-ng: Add netlink dissector

Add an initial implementation of a dissector to work on netlink messages
as received from an nlmon device.

Use can use it as follows to monitor netlink traffic to/from the kernel:

  modprobe nlmon
  ip link add type nlmon
  ip link set nlmon0 up

  netsniff-ng -i nlmon0

  ip link set nlmon 0 down
  ip link del dev nlmon0
  rmmod nlmon

Fixes: #89
Suggested-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

1 files changed, 8 insertions, 0 deletions

diff --git a/dissector.c b/dissector.c
index a412999..ccc9b3c 100644
--- a/dissector.c
+++ b/dissector.c
@@ -15,6 +15,7 @@
 #include "dissector.h"
 #include "dissector_eth.h"
 #include "dissector_80211.h"
+#include "dissector_netlink.h"
 #include "linktype.h"
 
 int dissector_set_print_type(void *ptr, int type)
@@ -80,6 +81,11 @@ void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode)
 		proto_start = dissector_get_ieee80211_entry_point();
 		proto_end = dissector_get_ieee80211_exit_point();
 		break;
+	case LINKTYPE_NETLINK:
+	case ___constant_swab32(LINKTYPE_NETLINK):
+		proto_start = dissector_get_netlink_entry_point();
+		proto_end = dissector_get_netlink_exit_point();
+		break;
 	default:
 		proto_start = &none_ops;
 		proto_end = NULL;
@@ -108,10 +114,12 @@ void dissector_init_all(int fnttype)
 {
 	dissector_init_ethernet(fnttype);
 	dissector_init_ieee80211(fnttype);
+	dissector_init_netlink(fnttype);
 }
 
 void dissector_cleanup_all(void)
 {
 	dissector_cleanup_ethernet();
 	dissector_cleanup_ieee80211();
+	dissector_cleanup_netlink();
 }