From 47b3d6c254ca31dc57af4a1a17526e1dc593702a Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Thu, 10 Apr 2014 11:42:36 +0200 Subject: dissector: display packet direction for tap'ing on netlink devices (nlmon) Linux kernel provides nlmon device (ARPHRD_NETLINK) driver that can tap on netlink traffic, e.g.: Setup: modprobe nlmon ip link add type nlmon ip link set nlmon0 up Capture: netsniff-ng -i nlmon0 ... (or -i any) Teardown: ip link set nlmon0 down ip link del dev nlmon0 rmmod nlmon Provide information about the packet direction (user space or kernel space), so that dissector will show that properly. Signed-off-by: Daniel Borkmann --- built_in.h | 8 ++++++++ dissector.h | 14 ++++++++------ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/built_in.h b/built_in.h index 20d7317..d7d4b6b 100644 --- a/built_in.h +++ b/built_in.h @@ -398,4 +398,12 @@ static inline u64 cpu_to_le64(u64 val) # define ARPHRD_NETLINK 824 #endif +#ifndef PACKET_USER +# define PACKET_USER 6 +#endif + +#ifndef PACKET_KERNEL +# define PACKET_KERNEL 7 +#endif + #endif /* BUILT_IN_H */ diff --git a/dissector.h b/dissector.h index e26c235..c86a51d 100644 --- a/dissector.h +++ b/dissector.h @@ -28,12 +28,14 @@ extern char *if_indextoname(unsigned ifindex, char *ifname); static const char * const packet_types[256] = { - [PACKET_HOST] = "<", /* Incoming */ - [PACKET_BROADCAST] = "B", /* Broadcast */ - [PACKET_MULTICAST] = "M", /* Multicast */ - [PACKET_OTHERHOST] = "P", /* Promisc */ - [PACKET_OUTGOING] = ">", /* Outgoing */ - "?", /* Unknown */ + [0 ... 255] = "?", /* Unknown */ + [PACKET_HOST] = "<", /* Incoming */ + [PACKET_BROADCAST] = "B", /* Broadcast */ + [PACKET_MULTICAST] = "M", /* Multicast */ + [PACKET_OTHERHOST] = "P", /* Promisc */ + [PACKET_OUTGOING] = ">", /* Outgoing */ + [PACKET_USER] = ">U", /* To Userspace */ + [PACKET_KERNEL] = ">K", /* To Kernelspace */ }; static inline const char *__show_ts_source(uint32_t status) -- cgit v1.2.3-54-g00ecf