summaryrefslogtreecommitdiff
path: root/proto_nlmsg.c
AgeCommit message (Collapse)AuthorFilesLines
2015-11-16netsniff-ng: nlmsg: Print generic netlink ctrl family infoVadim Kochan1-13/+158
Add dissection of basic Netlink Generic Controller family info. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-16netsniff-ng: nlmsg: Print not dissected attribute type numberVadim Kochan1-1/+12
Print not handled attributes which will be helpful to indicate such attributes and add dissection code. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-11netsniff-ng: nlmsg: Explicitly cast RTA_LEN to an intTobias Klauser1-4/+4
It looks like the result of RTA_PAYLOAD() can be of different type depending on architecture/kernel header version/... In order to prevent warnings related to non-matching types, just explicitly cast RTA_LEN to an int, since it can't possible be larger than the unsigned short of rta_len anyhow and it is used as an in in the call to device_addr2str(). Fixes: 664dcf4217 ("netsniff-ng: nlmsg: Use correct pritnf format specifier for int") Reported-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-10netsniff-ng: nlmsg: Use correct pritnf format specifier for intTobias Klauser1-1/+1
RTA_LEN is defined as an alias of RTA_PAYLOAD which is defined as: #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0)) Thus use the correct format specifier %d for int instead of %lu. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-19netsniff-ng: nlmsg: Display raw data if family is unknownTobias Klauser1-0/+12
Currently we only support full dissection of RTNL netlink messages. For non-RTNL message we only print the header and omit the data. Change this behavior and print a full ascii/hex dump of the remaining data (like it is done in dissector_entry_point() for trailing data after all known protocols have been processed) to give the user a chance to still inspect the message content. Reported-by: Geoff Ladwig <gladwig@verdantnetworks.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-19netsniff-ng: nlmsg: Display "(none)" instead of "()" for zero flagsTobias Klauser1-2/+3
nl_nlmsg_flags2str() returns an empty string if the provided flags argument is 0. Check this condition and display "none" instead to make the output nicer to read. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-15netsniff-ng: nlmsg: mmaped packet checkKen-ichirou MATSUZAWA1-2/+13
The size of mmaped netlink packet is equals to its frame size, so may be different from actual size. It can be checked by the next nlmsg len is 0 or not, and trim it in that case. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-15netsniff-ng: nlmsg: update pull sizeKen-ichirou MATSUZAWA1-4/+4
It would be better to use NLMSG_HDRLEN instead of sizeof(*hdr) and not to use NLMSG_PAYLOAD to get payload length, I think. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17flowtop, netsniff-ng: Move process name extraction to own functionTobias Klauser1-9/+4
flowtop and the netsniff-ng's netlink message dissector both need to get the process name for a pid from /proc/<pid>/exe, thus move that functionality to an own function. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-29netsniff-ng: nlmsg: Define NTF_* constants if not provided by kernel headersTobias Klauser1-2/+20
NTF_SELF and NTF_MASTER might not be defined on older kernel versions (as is e.g. the case in the Travis CI build failing [1]). Fix this by conditionally defining all NTF_* constants. [1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/68779130 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-20netsniff-ng: Add dissector for Linux "cooked" packetsVadim Kochan1-2/+2
Added dissector_sll.c which uses sockaddr_ll to lookup & print higher L3 layer protocol. This dissector is mapped by LINKTYPE_LINUX_SLL link type. Sample output of dissected Netlink & Ethernet packets. Truncated manually some longer lines by "...": > nlmon0 20 1434193547s.717131169ns #6 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ] [ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)... > wlp3s0 52 1434194181s.436224709ns #9 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ] [ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ... ), CSum (0x1ef5) is ok ] [ Geo (local => Ukraine) ] [ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ... [ Chr .....w.Rj).. ] [ Hex XX XX XX XX XX XX XX XX XX XX XX XX ] Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-17netsniff-ng: nlmsg: Print rtnl neigh infoVadim Kochan1-0/+101
Dissect basic rtnl neighbour info. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-13dev: Add device string convertions (addr, dev type)Vadim Kochan1-112/+4
Move device string convertions funcs (device_type2str, device_addr2str) from proto_nlmsg.c to dev.c to use them in other modules. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [ dbkm: minor stylistic fixes ] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-08netsniff-ng: nlmsg: Fix build for older kernel headersTobias Klauser1-0/+4
IFA_FLAGS and RTPROT_MROUTED might not be defined on older kernel versions (as is evident from the Travis CI build failing [1]). Fix it by conditionally using the two definitions. [1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/65887691 Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-05netsniff-ng, nlmsg: add further rtnl route type messages to dissectorVadim Kochan1-13/+214
Add some more dissection logic for dumping rtnetlink related infos with attributes. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-01netsniff-ng nlmsg: Dissect rtnl addr type messagesVadim Kochan1-25/+152
Dump RTnetlink address related info with attributes. Additional changes: - print 'Len' info at the end of each attribute. - print new line before each header if packet contains more netlink messages Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-01netsniff-ng, nlmsg: Dissect rtnl link type messagesVadim Kochan1-0/+233
Dump RTnetlink interface related info with attributes. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-18netsniff-ng nlmsg: Print multi-part messagesVadim Kochan1-14/+30
Pull & print more netlink messages from one packet which can be sent with MULTI flag. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05netsniff-ng nlmsg: Print family & type in less modeVadim Kochan1-3/+5
Print 'Family' and 'Type' (considering family) fields in less mode. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04netsniff-ng nlmsg: Print type for NETLINK_ROUTEVadim Kochan1-2/+88
Print nlmsg type name for rtnetlink messages. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tk: ifdef guards for RTM_NEWNETCONF and RTMNEWMDB, other minor fixes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27netsniff-ng: nlmsg: Make netlink family strings more descriptiveTobias Klauser1-23/+23
Instead of just reproducing the macro name, provide a little more information (as given in the comments next to the definitions in linux/netlink.h) Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27netsniff-ng: nlmsg: Rename function and dissector fieldTobias Klauser1-3/+3
Netlink messages don't use the term `family' instead of `protocol', so stick to it when printing dissected information. Also, functions with the `nl_' prefix are used by libnl, so in order to not confuse it with libnl functions, rename nl_proto2str() to nlmsg_family2str() Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27netsniff-ng nlmsg: Print netlink protocol nameVadim Kochan1-0/+35
nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it. Also renamed [proto -> handler] member in pkt_buff struct, which is more understandable. Example: >U nlmon0 4756 1429891435s.14505747ns [ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ] Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [tklauser: Handle usage of NETLINK_SOCK_DIAG with pre 3.10 kernel headers, fix nl_proto2str() return value, formatting changes] Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23all: Fix libnl3 include pathTobias Klauser1-1/+1
The libnl3 examples [1] use <netlink/netlink.h> etc. and since pkg-config returns the paths including the libnl3 path component, we should specify our include paths relative to these ones, not /usr/include. [1] http://www.infradead.org/~tgr/libnl/doc/core.html#_linking_to_this_library Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-07netsniff-ng: Explicitely NULL-terminate readlink() result bufferTobias Klauser1-2/+4
Commit 6c5d0caf3b7c ("netsniff-ng: Fix process name when sniffing nlmon device") fixed the problem of not NULL-terminating the readlink() result buffer by initializing the entire buffer with '\0'. Switch to the more common and better readable idiom of explicitely writing a NULL byte after the readlink result string to make this more obvious. Also change the buffer size to PATH_MAX. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-07netsniff-ng: Fix process name when sniffing nlmon deviceVadim Kochan1-1/+1
While sniffing nlmon device the process name can be printed with non-letter characters because readlink does not put line ending '\0' Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-08-15dissectors: Include protos.h in some dissectors for protocol ops declarationTobias Klauser1-0/+1
Fixes sparse warnings like the following in some dissectors: proto_arp.c:158:17: warning: symbol 'arp_ops' was not declared. Should it be static? Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-04netsniff-ng: proto_nlmsg: Add notice about nlmsg pid fieldTobias Klauser1-1/+7
The port id field of the netlink message header does not necessarily indicate the PID of the receiving process [1] (e.g. in case of multithreaded applications or using multiple sockets). Mention this in a comment. [1] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-28netsniff-ng: Print process name of the netlink message originTobias Klauser1-0/+19
In the netlink message dissector, use the PID from the header to look up the process name of the sending process. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-28netsniff-ng: Add netlink dissectorTobias Klauser1-0/+52
Add an initial implementation of a dissector to work on netlink messages as received from an nlmon device. Use can use it as follows to monitor netlink traffic to/from the kernel: modprobe nlmon ip link add type nlmon ip link set nlmon0 up netsniff-ng -i nlmon0 ip link set nlmon 0 down ip link del dev nlmon0 rmmod nlmon Fixes: #89 Suggested-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>