summaryrefslogtreecommitdiff
path: root/proto_nlmsg.c
AgeCommit message (Collapse)AuthorFilesLines
2015-04-27netsniff-ng nlmsg: Print netlink protocol nameVadim Kochan1-0/+35
nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it. Also renamed [proto -> handler] member in pkt_buff struct, which is more understandable. Example: >U nlmon0 4756 1429891435s.14505747ns [ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ] Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Handle usage of NETLINK_SOCK_DIAG with pre 3.10 kernel headers, fix nl_proto2str() return value, formatting changes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23all: Fix libnl3 include pathTobias Klauser1-1/+1
The libnl3 examples [1] use <netlink/netlink.h> etc. and since pkg-config returns the paths including the libnl3 path component, we should specify our include paths relative to these ones, not /usr/include. [1] http://www.infradead.org/~tgr/libnl/doc/core.html#_linking_to_this_library Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-07netsniff-ng: Explicitely NULL-terminate readlink() result bufferTobias Klauser1-2/+4
Commit 6c5d0caf3b7c ("netsniff-ng: Fix process name when sniffing nlmon device") fixed the problem of not NULL-terminating the readlink() result buffer by initializing the entire buffer with '\0'. Switch to the more common and better readable idiom of explicitely writing a NULL byte after the readlink result string to make this more obvious. Also change the buffer size to PATH_MAX. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-07netsniff-ng: Fix process name when sniffing nlmon deviceVadim Kochan1-1/+1
While sniffing nlmon device the process name can be printed with non-letter characters because readlink does not put line ending '\0' Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-08-15dissectors: Include protos.h in some dissectors for protocol ops declarationTobias Klauser1-0/+1
Fixes sparse warnings like the following in some dissectors: proto_arp.c:158:17: warning: symbol 'arp_ops' was not declared. Should it be static? Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-04netsniff-ng: proto_nlmsg: Add notice about nlmsg pid fieldTobias Klauser1-1/+7
The port id field of the netlink message header does not necessarily indicate the PID of the receiving process [1] (e.g. in case of multithreaded applications or using multiple sockets). Mention this in a comment. [1] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-28netsniff-ng: Print process name of the netlink message originTobias Klauser1-0/+19
In the netlink message dissector, use the PID from the header to look up the process name of the sending process. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-28netsniff-ng: Add netlink dissectorTobias Klauser1-0/+52
Add an initial implementation of a dissector to work on netlink messages as received from an nlmon device. Use can use it as follows to monitor netlink traffic to/from the kernel: modprobe nlmon ip link add type nlmon ip link set nlmon0 up netsniff-ng -i nlmon0 ip link set nlmon 0 down ip link del dev nlmon0 rmmod nlmon Fixes: #89 Suggested-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>