| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add an initial implementation of a dissector to work on netlink messages
as received from an nlmon device.
Use can use it as follows to monitor netlink traffic to/from the kernel:
modprobe nlmon
ip link add type nlmon
ip link set nlmon0 up
netsniff-ng -i nlmon0
ip link set nlmon 0 down
ip link del dev nlmon0
rmmod nlmon
Fixes: #89
Suggested-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The dissector only needs the LINKTYPE_* #defines from pcap_io.h. Instead
of pulling in this rather large header just for this, move the
LINKTYPE_* #defines to an own header and include it where needed.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
This header is actually only needed in dissector_eth and
dissector_80211, so remove the other users accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit f5c10ae4e3 ("dissector: do not panic on unknown hatype") let
netsniff-ng not panic anymore on unkown ha types, but without explicitly
starting netsniff-ng in hex or ascii printing mode, no dissection
will happen.
This patch fixes this situation so that at least ascii_hex() will be
called in case the link type is not known to us.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Do not panic on linktypes that are unknown to us. Just skip the usual
dissector entry point and based on user input, print in hex, ascii, or
hex + ascii.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We decided to get rid of the old Git history and start a new one for
several reasons:
*) Allow / enforce only high-quality commits (which was not the case
for many commits in the history), have a policy that is more close
to the one from the Linux kernel. With high quality commits, we
mean code that is logically split into commits and commit messages
that are signed-off and have a proper subject and message body.
We do not allow automatic Github merges anymore, since they are
total bullshit. However, we will either cherry-pick your patches
or pull them manually.
*) The old archive was about ~27MB for no particular good reason.
This basically derived from the bad decision that also some PDF
files where stored there. From this moment onwards, no binary
objects are allowed to be stored in this repository anymore.
The old archive is not wiped away from the Internet. You will still
be able to find it, e.g. on git.cryptoism.org etc.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
