path: root/proto_nlmsg.c
Age | Commit message | Author | Files | Lines
2017-03-06 | netsniff-ng: nlmsg: Drop dissection of GENL_ID_GENERATE type | Tobias Klauser | 1 | -3/+9
After kernel commit a07ea4d9941a ("genetlink: no longer support using static family IDs"), GENL_ID_GENERATE is no longer exposed to userspace (and actually should never have been). Change the genl nlmsg dissector to only consider the nlctrl family and the two other static family IDs needed for workarounds. All other family IDs are considered dynamically generated.
Fixes #171
Reported-by: Jaroslav Škarvada <jskarvad@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2016-09-29 | all: fix build on CentOS 6 by checking presence of several macros | Yousong Zhou | 1 | -0/+4
Protect usage of macros not present in pre-3.x kernels.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-27 | netsniff-ng: nlmsg: Remove unnecessary empty lines | Tobias Klauser | 1 | -7/+0
Remove empty lines in switch/case after break in genl_print_ctrl_attrs to be consistent with coding style in the rest of the file.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-27 | netsniff-ng: nlmsg: Print genl ops & mcast groups attributes | Vadim Kochan | 1 | -14/+92
Dump Generic netlink ops & mcast groups nested attributes.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-16 | netsniff-ng: nlmsg: Check message length before dissect rtnl | Vadim Kochan | 1 | -0/+12
Do not print rtnl message if there is only nlmsg header, which happens when dumping all rtnl table.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-16 | netsniff-ng: nlmsg: Rename attr_fmt to rta_fmt | Tobias Klauser | 1 | -38/+37
Rename attr_fmt to rta_fmt as it uses rtattr struct.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-16 | netsniff-ng: nlmsg: Print generic netlink ctrl family info | Vadim Kochan | 1 | -13/+158
Add dissection of basic Netlink Generic Controller family info.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-16 | netsniff-ng: nlmsg: Print not dissected attribute type number | Vadim Kochan | 1 | -1/+12
Print not handled attributes which will be helpful to indicate such attributes and add dissection code.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-11 | netsniff-ng: nlmsg: Explicitly cast RTA_LEN to an int | Tobias Klauser | 1 | -4/+4
It looks like the result of RTA_PAYLOAD() can be of different type depending on architecture/kernel header version/... In order to prevent warnings related to non-matching types, just explicitly cast RTA_LEN to an int, since it can't possibly be larger than the unsigned short of rta_len anyhow and it is used as an int in the call to device_addr2str().
Fixes: 664dcf4217 ("netsniff-ng: nlmsg: Use correct pritnf format specifier for int")
Reported-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-10 | netsniff-ng: nlmsg: Use correct pritnf format specifier for int | Tobias Klauser | 1 | -1/+1
RTA_LEN is defined as an alias of RTA_PAYLOAD which is defined as:
    #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
Thus use the correct format specifier %d for int instead of %lu.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-19 | netsniff-ng: nlmsg: Display raw data if family is unknown | Tobias Klauser | 1 | -0/+12
Currently we only support full dissection of RTNL netlink messages. For non-RTNL message we only print the header and omit the data. Change this behavior and print a full ascii/hex dump of the remaining data (like it is done in dissector_entry_point() for trailing data after all known protocols have been processed) to give the user a chance to still inspect the message content.
Reported-by: Geoff Ladwig <gladwig@verdantnetworks.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-10-19 | netsniff-ng: nlmsg: Display "(none)" instead of "()" for zero flags | Tobias Klauser | 1 | -2/+3
nl_nlmsg_flags2str() returns an empty string if the provided flags argument is 0. Check this condition and display "none" instead to make the output nicer to read.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-15 | netsniff-ng: nlmsg: mmaped packet check | Ken-ichirou MATSUZAWA | 1 | -2/+13
The size of mmaped netlink packet is equal to its frame size, so may be different from actual size. It can be checked by the next nlmsg len is 0 or not, and trim it in that case.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-09-15 | netsniff-ng: nlmsg: update pull size | Ken-ichirou MATSUZAWA | 1 | -4/+4
It would be better to use NLMSG_HDRLEN instead of sizeof(*hdr) and not to use NLMSG_PAYLOAD to get payload length, I think.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-07-17 | flowtop, netsniff-ng: Move process name extraction to own function | Tobias Klauser | 1 | -9/+4
flowtop and the netsniff-ng's netlink message dissector both need to get the process name for a pid from /proc/<pid>/exe, thus move that functionality to an own function.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-29 | netsniff-ng: nlmsg: Define NTF_* constants if not provided by kernel headers | Tobias Klauser | 1 | -2/+20
NTF_SELF and NTF_MASTER might not be defined on older kernel versions (as is e.g. the case in the Travis CI build failing [1]). Fix this by conditionally defining all NTF_* constants.
[1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/68779130
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-20 | netsniff-ng: Add dissector for Linux "cooked" packets | Vadim Kochan | 1 | -2/+2
Added dissector_sll.c which uses sockaddr_ll to lookup & print higher L3 layer protocol. This dissector is mapped by LINKTYPE_LINUX_SLL link type.
Sample output of dissected Netlink & Ethernet packets. Truncated manually some longer lines by "...":
    > nlmon0 20 1434193547s.717131169ns #6
     [ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ]
     [ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)...
    > wlp3s0 52 1434194181s.436224709ns #9
     [ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ]
     [ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ... ), CSum (0x1ef5) is ok ]
     [ Geo (local => Ukraine) ]
     [ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ...
     [ Chr .....w.Rj).. ]
     [ Hex XX XX XX XX XX XX XX XX XX XX XX XX ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-17 | netsniff-ng: nlmsg: Print rtnl neigh info | Vadim Kochan | 1 | -0/+101
Dissect basic rtnl neighbour info.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-13 | dev: Add device string convertions (addr, dev type) | Vadim Kochan | 1 | -112/+4
Move device string conversions funcs (device_type2str, device_addr2str) from proto_nlmsg.c to dev.c to use them in other modules.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[ dbkm: minor stylistic fixes ]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-08 | netsniff-ng: nlmsg: Fix build for older kernel headers | Tobias Klauser | 1 | -0/+4
IFA_FLAGS and RTPROT_MROUTED might not be defined on older kernel versions (as is evident from the Travis CI build failing [1]). Fix it by conditionally using the two definitions.
[1] https://travis-ci.org/netsniff-ng/netsniff-ng/jobs/65887691
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-06-05 | netsniff-ng, nlmsg: add further rtnl route type messages to dissector | Vadim Kochan | 1 | -13/+214
Add some more dissection logic for dumping rtnetlink related infos with attributes.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-01 | netsniff-ng nlmsg: Dissect rtnl addr type messages | Vadim Kochan | 1 | -25/+152
Dump RTnetlink address related info with attributes.
Additional changes:
- print 'Len' info at the end of each attribute.
- print new line before each header if packet contains more netlink messages
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-06-01 | netsniff-ng, nlmsg: Dissect rtnl link type messages | Vadim Kochan | 1 | -0/+233
Dump RTnetlink interface related info with attributes.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2015-05-18 | netsniff-ng nlmsg: Print multi-part messages | Vadim Kochan | 1 | -14/+30
Pull & print more netlink messages from one packet which can be sent with MULTI flag.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05 | netsniff-ng nlmsg: Print family & type in less mode | Vadim Kochan | 1 | -3/+5
Print 'Family' and 'Type' (considering family) fields in less mode.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04 | netsniff-ng nlmsg: Print type for NETLINK_ROUTE | Vadim Kochan | 1 | -2/+88
Print nlmsg type name for rtnetlink messages.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: ifdef guards for RTM_NEWNETCONF and RTMNEWMDB, other minor fixes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27 | netsniff-ng: nlmsg: Make netlink family strings more descriptive | Tobias Klauser | 1 | -23/+23
Instead of just reproducing the macro name, provide a little more information (as given in the comments next to the definitions in linux/netlink.h)
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27 | netsniff-ng: nlmsg: Rename function and dissector field | Tobias Klauser | 1 | -3/+3
Netlink messages don't use the term `family' instead of `protocol', so stick to it when printing dissected information. Also, functions with the `nl_' prefix are used by libnl, so in order to not confuse it with libnl functions, rename nl_proto2str() to nlmsg_family2str()
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-27 | netsniff-ng nlmsg: Print netlink protocol name | Vadim Kochan | 1 | -0/+35
nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it. Also renamed [proto -> handler] member in pkt_buff struct, which is more understandable.
Example:
    >U nlmon0 4756 1429891435s.14505747ns
     [ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ]
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: Handle usage of NETLINK_SOCK_DIAG with pre 3.10 kernel headers, fix nl_proto2str() return value, formatting changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-23 | all: Fix libnl3 include path | Tobias Klauser | 1 | -1/+1
The libnl3 examples [1] use <netlink/netlink.h> etc. and since pkg-config returns the paths including the libnl3 path component, we should specify our include paths relative to these ones, not /usr/include.
[1] http://www.infradead.org/~tgr/libnl/doc/core.html#_linking_to_this_library
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-07 | netsniff-ng: Explicitely NULL-terminate readlink() result buffer | Tobias Klauser | 1 | -2/+4
Commit 6c5d0caf3b7c ("netsniff-ng: Fix process name when sniffing nlmon device") fixed the problem of not NULL-terminating the readlink() result buffer by initializing the entire buffer with '\0'. Switch to the more common and better readable idiom of explicitly writing a NULL byte after the readlink result string to make this more obvious. Also change the buffer size to PATH_MAX.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-04-07 | netsniff-ng: Fix process name when sniffing nlmon device | Vadim Kochan | 1 | -1/+1
While sniffing nlmon device the process name can be printed with non-letter characters because readlink does not put line ending '\0'
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-08-15 | dissectors: Include protos.h in some dissectors for protocol ops declaration | Tobias Klauser | 1 | -0/+1
Fixes sparse warnings like the following in some dissectors:
    proto_arp.c:158:17: warning: symbol 'arp_ops' was not declared. Should it be static?
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-04 | netsniff-ng: proto_nlmsg: Add notice about nlmsg pid field | Tobias Klauser | 1 | -1/+7
The port id field of the netlink message header does not necessarily indicate the PID of the receiving process [1] (e.g. in case of multithreaded applications or using multiple sockets). Mention this in a comment.
[1] http://www.carisma.slowglass.com/~tgr/libnl/doc/core.html#core_netlink_fundamentals
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-28 | netsniff-ng: Print process name of the netlink message origin | Tobias Klauser | 1 | -0/+19
In the netlink message dissector, use the PID from the header to look up the process name of the sending process.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-05-28 | netsniff-ng: Add netlink dissector | Tobias Klauser | 1 | -0/+52
Add an initial implementation of a dissector to work on netlink messages as received from an nlmon device. You can use it as follows to monitor netlink traffic to/from the kernel:
    modprobe nlmon
    ip link add type nlmon
    ip link set nlmon0 up
    netsniff-ng -i nlmon0
    ip link set nlmon0 down
    ip link del dev nlmon0
    rmmod nlmon
Fixes: #89
Suggested-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>