diff options
| author | Vadim Kochan <vadim4j@gmail.com> | 2015-06-16 04:10:19 +0300 |
|---|---|---|
| committer | Daniel Borkmann <daniel@iogearbox.net> | 2015-06-20 00:24:25 +0200 |
| commit | 9977ec6012452bfc5053dbc90aed53f55064c86b (patch) | |
| tree | 5aa23fa8645383d631829068d64b8b6e8b6b719c /netsniff-ng.c | |
| parent | 12c6a61fa54a2ee6a28c04ff51b2456f73d499b9 (diff) | |
netsniff-ng: Add dissector for Linux "cooked" packets
Added dissector_sll.c which uses sockaddr_ll to lookup & print
higher L3 layer protocol.
This dissector is mapped by LINKTYPE_LINUX_SLL link type.
Sample output of dissected Netlink & Ethernet packets.
Truncated manually some longer lines by "...":
> nlmon0 20 1434193547s.717131169ns #6
[ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ]
[ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)...
> wlp3s0 52 1434194181s.436224709ns #9
[ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ]
[ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ...
), CSum (0x1ef5) is ok ]
[ Geo (local => Ukraine) ]
[ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ...
[ Chr .....w.Rj).. ]
[ Hex XX XX XX XX XX XX XX XX XX XX XX XX ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Diffstat (limited to 'netsniff-ng.c')
| -rw-r--r-- | netsniff-ng.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/netsniff-ng.c b/netsniff-ng.c index e593b9d..91356ba 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -318,7 +318,7 @@ static void pcap_to_xmit(struct ctx *ctx) dissector_entry_point(out, hdr->tp_h.tp_snaplen, ctx->link_type, ctx->print_mode, - hdr->s_ll.sll_protocol); + &hdr->s_ll); kernel_may_pull_from_tx(&hdr->tp_h); @@ -469,7 +469,7 @@ static void receive_to_xmit(struct ctx *ctx) dissector_entry_point(in, hdr_in->tp_h.tp_snaplen, ctx->link_type, ctx->print_mode, - hdr_in->s_ll.sll_protocol); + &hdr_in->s_ll); if (frame_count_max != 0) { if (frame_count >= frame_count_max) { @@ -662,7 +662,7 @@ static void read_pcap(struct ctx *ctx) dissector_entry_point(out, fm.tp_h.tp_snaplen, ctx->link_type, ctx->print_mode, - fm.s_ll.sll_protocol); + &fm.s_ll); if (is_out_pcap) { size_t pcap_len = pcap_get_length(&phdr, ctx->magic); @@ -929,7 +929,7 @@ static void walk_t3_block(struct block_desc *pbd, struct ctx *ctx, hdr, ctx->print_mode, true, *frame_count); dissector_entry_point(packet, hdr->tp_snaplen, ctx->link_type, - ctx->print_mode, sll->sll_protocol); + ctx->print_mode, sll); next: hdr = (void *) ((uint8_t *) hdr + hdr->tp_next_offset); sll = (void *) ((uint8_t *) hdr + TPACKET_ALIGN(sizeof(*hdr))); @@ -1064,7 +1064,7 @@ static void recv_only_or_dump(struct ctx *ctx) dissector_entry_point(packet, hdr->tp_h.tp_snaplen, ctx->link_type, ctx->print_mode, - hdr->s_ll.sll_protocol); + &hdr->s_ll); if (frame_count_max != 0) { if (unlikely(frame_count >= frame_count_max)) { |