Age | Commit message (Collapse) | Author | Files | Lines |
|
Added dissector_sll.c which uses sockaddr_ll to lookup & print
higher L3 layer protocol.
This dissector is mapped by LINKTYPE_LINUX_SLL link type.
Sample output of dissected Netlink & Ethernet packets.
Truncated manually some longer lines by "...":
> nlmon0 20 1434193547s.717131169ns #6
[ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ]
[ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)...
> wlp3s0 52 1434194181s.436224709ns #9
[ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ]
[ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ...
), CSum (0x1ef5) is ok ]
[ Geo (local => Ukraine) ]
[ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ...
[ Chr .....w.Rj).. ]
[ Hex XX XX XX XX XX XX XX XX XX XX XX XX ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
In commit d312a25879d5 ("netsniff-ng nlmsg: Print netlink protocol
name"), the struct protocol member of struct pkt_buff was renamed to
handler to account for the newly added proto field. However, the
corresponding function pkt_set_proto wasn't renamed which is a bit
counter-intuitive. Fix this by renaming the member again, this time to
dissector (as I don't consider handler a particulary meaningful name)
and adjust the set function's name accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The link type is handled as uint32_t in the rest of the code base so use
that type here as well.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so
sockaddr_ll can be used to get it.
Also renamed [proto -> handler] member in pkt_buff struct, which is more
understandable.
Example:
>U nlmon0 4756 1429891435s.14505747ns
[ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Handle usage of NETLINK_SOCK_DIAG with pre 3.10 kernel
headers, fix nl_proto2str() return value, formatting changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
netsniff-ng does not check if monitor device includes radiotap
header which leads to the wrong 802.11 frame parsing.
Tested if the .pcap file is understandable by wireshark and if
dump info is basically correct, but did not test the case when xmit
packets from .pcap file to the output device and from the input device
to the output device.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: whitespace changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
lookup_hash() returns void * which does not need to be cast.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
We decided to get rid of the old Git history and start a new one for
several reasons:
*) Allow / enforce only high-quality commits (which was not the case
for many commits in the history), have a policy that is more close
to the one from the Linux kernel. With high quality commits, we
mean code that is logically split into commits and commit messages
that are signed-off and have a proper subject and message body.
We do not allow automatic Github merges anymore, since they are
total bullshit. However, we will either cherry-pick your patches
or pull them manually.
*) The old archive was about ~27MB for no particular good reason.
This basically derived from the bad decision that also some PDF
files where stored there. From this moment onwards, no binary
objects are allowed to be stored in this repository anymore.
The old archive is not wiped away from the Internet. You will still
be able to find it, e.g. on git.cryptoism.org etc.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|