From f5f002fd8966b78ece5b4e1757e639379619670a Mon Sep 17 00:00:00 2001 From: Tobias Klauser Date: Mon, 19 Oct 2015 17:20:26 +0200 Subject: netsniff-ng: nlmsg: Display raw data if family is unknown Currently we only support full dissection of RTNL netlink messages. For non-RTNL message we only print the header and omit the data. Change this behavior and print a full ascii/hex dump of the remaining data (like it is done in dissector_entry_point() for trailing data after all known protocols have been processed) to give the user a chance to still inspect the message content. Reported-by: Geoff Ladwig Signed-off-by: Tobias Klauser --- proto_nlmsg.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/proto_nlmsg.c b/proto_nlmsg.c index 6f0a13d..ce97c6d 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c @@ -704,6 +704,16 @@ static void rtnl_msg_print(struct nlmsghdr *hdr) } } +static void nlmsg_print_raw(struct nlmsghdr *hdr) +{ + u32 len = hdr->nlmsg_len; + + if (len) { + _ascii((uint8_t *) hdr + NLMSG_HDRLEN, len - NLMSG_HDRLEN); + _hex((uint8_t *) hdr + NLMSG_HDRLEN, len - NLMSG_HDRLEN); + } +} + static void nlmsg_print(uint16_t family, struct nlmsghdr *hdr) { u16 nlmsg_flags = hdr->nlmsg_flags; @@ -747,6 +757,8 @@ static void nlmsg_print(uint16_t family, struct nlmsghdr *hdr) if (family == NETLINK_ROUTE) rtnl_msg_print(hdr); + else + nlmsg_print_raw(hdr); } static void nlmsg(struct pkt_buff *pkt) -- cgit v1.2.3-54-g00ecf