authorTobias Klauser <tklauser@distanz.ch>2014-05-28 14:32:10 +0200
committerTobias Klauser <tklauser@distanz.ch>2014-05-28 17:50:29 +0200
commit5f4152b01e17433b29e3f9cc1407b60800b1e0b9 (patch)
tree55eb213e301ede01578bae46683a4a72861f0d9c /proto_nlmsg.c
parent98e21eb8633b31b006671735602df08d3f073261 (diff)
netsniff-ng: Add netlink dissector
Add an initial implementation of a dissector to work on netlink messages as received from an nlmon device. You can use it as follows to monitor netlink traffic to/from the kernel: modprobe nlmon ip link add type nlmon ip link set nlmon0 up netsniff-ng -i nlmon0 ip link set nlmon 0 down ip link del dev nlmon0 rmmod nlmon Fixes: #89 Suggested-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Diffstat (limited to 'proto_nlmsg.c')
-rw-r--r--proto_nlmsg.c52
1 files changed, 52 insertions, 0 deletions
diff --git a/proto_nlmsg.c b/proto_nlmsg.c
new file mode 100644
index 0000000..f5abf57
--- /dev/null
+++ b/proto_nlmsg.c
@@ -0,0 +1,52 @@
+/*
+ * netsniff-ng - the packet sniffing beast
+ * Copyright 2014 Tobias Klauser.
+ * Subject to the GPL, version 2.
+ */
+
+#include <libnl3/netlink/msg.h>
+
+#include "pkt_buff.h"
+#include "proto.h"
+
+static void nlmsg(struct pkt_buff *pkt)
+{
+ struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr));
+ char type[32];
+ char flags[128];
+
+ if (hdr == NULL)
+ return;
+
+ tprintf(" [ NLMSG ");
+ tprintf("Len %u, ", hdr->nlmsg_len);
+ tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type,
+ colorize_start(bold),
+ nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)),
+ colorize_end());
+ tprintf("Flags 0x%.4x (%s%s%s), ", hdr->nlmsg_flags,
+ colorize_start(bold),
+ nl_nlmsg_flags2str(hdr->nlmsg_flags, flags, sizeof(flags)),
+ colorize_end());
+ tprintf("Seq-Nr %u, ", hdr->nlmsg_seq);
+ tprintf("PID %u", hdr->nlmsg_pid);
+ tprintf(" ]\n");
+}
+
+static void nlmsg_less(struct pkt_buff *pkt)
+{
+ struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr));
+ char type[32];
+
+ if (hdr == NULL)
+ return;
+
+ tprintf(" NLMSG %u (%s%s%s)", hdr->nlmsg_type, colorize_start(bold),
+ nl_nlmsgtype2str(hdr->nlmsg_type, type, sizeof(type)),
+ colorize_end());
+}
+
+struct protocol nlmsg_ops = {
+ .print_full = nlmsg,
+ .print_less = nlmsg_less,
+};
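Review bot: In `nlmsg()`, `hdr->nlmsg_len` is printed as received and never compared with the header size or with the bytes still left in `pkt`, so a truncated or malformed capture shows a length the buffer cannot back up. A cheap sanity marker would help whoever reads the output, e.g. `if (hdr->nlmsg_len < sizeof(*hdr)) tprintf("(invalid length) ");` right after the `Len` line. Both `nlmsg()` and `nlmsg_less()` also pull exactly one `struct nlmsghdr` and stop, so the payload and any further messages in the same buffer go undissected; a comment such as `/* TODO: only the first header is dissected; walk nlmsg_len-aligned messages */` would make that limit explicit. The `hdr == NULL` check suggests `pkt_pull()` rejects short packets, but its definition is not part of this diff, so that is worth confirming. `nlmsg_pid` is a netlink port ID rather than necessarily a process ID, so the `PID` label may deserve a short comment.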