path: root/pkt_buff.h
Age | Commit message | Author | Files | Lines
2015-06-20 | netsniff-ng: Add dissector for Linux "cooked" packets | Vadim Kochan | 1 | -1/+1

Added dissector_sll.c which uses sockaddr_ll to lookup & print higher L3 layer protocol. This dissector is mapped by LINKTYPE_LINUX_SLL link type.

Sample output of dissected Netlink & Ethernet packets. Truncated manually some longer lines by "...":

    > nlmon0 20 1434193547s.717131169ns #6
     [ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ]
     [ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)...

    > wlp3s0 52 1434194181s.436224709ns #9
     [ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ]
     [ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ... ), CSum (0x1ef5) is ok ]
     [ Geo (local => Ukraine) ]
     [ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ...
     [ Chr .....w.Rj).. ]
     [ Hex XX XX XX XX XX XX XX XX XX XX XX XX ]

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-04 | netsniff-ng: Rename protocol dissector member of struct pkt_buff | Tobias Klauser | 1 | -7/+7

In commit d312a25879d5 ("netsniff-ng nlmsg: Print netlink protocol name"), the struct protocol member of struct pkt_buff was renamed to handler to account for the newly added proto field. However, the corresponding function pkt_set_proto wasn't renamed which is a bit counter-intuitive. Fix this by renaming the member again, this time to dissector (as I don't consider handler a particularly meaningful name) and adjust the set function's name accordingly.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27 | pkt_buff: Change type of link_type field | Tobias Klauser | 1 | -1/+1

The link type is handled as uint32_t in the rest of the code base so use that type here as well.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27 | netsniff-ng nlmsg: Print netlink protocol name | Vadim Kochan | 1 | -5/+6

nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it. Also renamed [proto -> handler] member in pkt_buff struct, which is more understandable.

Example:

    >U nlmon0 4756 1429891435s.14505747ns
     [ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ]

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Handle usage of NETLINK_SOCK_DIAG with pre 3.10 kernel headers, fix nl_proto2str() return value, formatting changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-13 | netsniff-ng: Consider radiotap header of monitor dev | Vadim Kochan | 1 | -0/+1

netsniff-ng does not check if monitor device includes radiotap header which leads to the wrong 802.11 frame parsing.

Tested if the .pcap file is understandable by wireshark and if dump info is basically correct, but did not test the case when xmit packets from .pcap file to the output device and from the input device to the output device.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: whitespace changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-16 | pkt_buff: Remove unnecessary void cast | Tobias Klauser | 1 | -1/+1

lookup_hash() returns void * which does not need to be cast.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-03-15 | all: import netsniff-ng 0.5.8-rc0 source | Daniel Borkmann | 1 | -0/+112

We decided to get rid of the old Git history and start a new one for several reasons:

*) Allow / enforce only high-quality commits (which was not the case for many commits in the history), have a policy that is more close to the one from the Linux kernel. With high quality commits, we mean code that is logically split into commits and commit messages that are signed-off and have a proper subject and message body. We do not allow automatic Github merges anymore, since they are total bullshit. However, we will either cherry-pick your patches or pull them manually.

*) The old archive was about ~27MB for no particular good reason. This basically derived from the bad decision that also some PDF files were stored there. From this moment onwards, no binary objects are allowed to be stored in this repository anymore.

The old archive is not wiped away from the Internet. You will still be able to find it, e.g. on git.cryptoism.org etc.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>