diff options
| author | Tobias Klauser <tklauser@distanz.ch> | 2014-06-04 10:52:53 +0200 |
|---|---|---|
| committer | Tobias Klauser <tklauser@distanz.ch> | 2014-06-04 10:52:53 +0200 |
| commit | edca6174b09d14c75a7bbc25af122a37ff16ecea (patch) | |
| tree | a378bbdf9792b774a8d61885569c1df273088204 /netsniff-ng.c | |
| parent | 96cbba90a5ccf29c2124b8d4d46ed534861ccf44 (diff) | |
dissector: Restore paket type if capturing from nlmon device
The kernel sets the skb pkttype to PACKET_OUTGOING for all packets being
sent through dev_queue_xmit_nit(). However, if capturing packets from an
nlmon device, this causes the information on whether the netlink packet
was sent to kernel- or userspace (PACKET_KERNEL/PACKET_USER) to be
overwritten.
A previous attempt by Daniel Borkmann to fix this in kernel space [1] by
not overwriting the packet type for netlink packets was not regarded as
the proper solution.
[1] http://patchwork.ozlabs.org/patch/338612/
Thus, attempt to fix this in userspace by looking at the pid field of
the netlink packet, which is always 0 for messages to kernel space [2].
[2] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Diffstat (limited to 'netsniff-ng.c')
| -rw-r--r-- | netsniff-ng.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/netsniff-ng.c b/netsniff-ng.c index c126115..397f50d 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -277,7 +277,8 @@ static void pcap_to_xmit(struct ctx *ctx) ctx->tx_bytes += hdr->tp_h.tp_len;; ctx->tx_packets++; - show_frame_hdr(hdr, ctx->print_mode); + show_frame_hdr(out, hdr->tp_h.tp_snaplen, + ctx->link_type, hdr, ctx->print_mode); dissector_entry_point(out, hdr->tp_h.tp_snaplen, ctx->link_type, ctx->print_mode); @@ -424,7 +425,8 @@ static void receive_to_xmit(struct ctx *ctx) it_out = 0; } - show_frame_hdr(hdr_in, ctx->print_mode); + show_frame_hdr(in, hdr_in->tp_h.tp_snaplen, + ctx->link_type, hdr_in, ctx->print_mode); dissector_entry_point(in, hdr_in->tp_h.tp_snaplen, ctx->link_type, ctx->print_mode); @@ -594,7 +596,8 @@ static void read_pcap(struct ctx *ctx) ctx->tx_bytes += fm.tp_h.tp_len; ctx->tx_packets++; - show_frame_hdr(&fm, ctx->print_mode); + show_frame_hdr(out, fm.tp_h.tp_snaplen, ctx->link_type, &fm, + ctx->print_mode); dissector_entry_point(out, fm.tp_h.tp_snaplen, ctx->link_type, ctx->print_mode); @@ -817,7 +820,8 @@ static void walk_t3_block(struct block_desc *pbd, struct ctx *ctx, panic("Write error to pcap!\n"); } - __show_frame_hdr(sll, hdr, ctx->print_mode, true); + __show_frame_hdr(packet, hdr->tp_snaplen, ctx->link_type, sll, + hdr, ctx->print_mode, true); dissector_entry_point(packet, hdr->tp_snaplen, ctx->link_type, ctx->print_mode); |