From 9977ec6012452bfc5053dbc90aed53f55064c86b Mon Sep 17 00:00:00 2001
From: Vadim Kochan
Date: Tue, 16 Jun 2015 04:10:19 +0300
Subject: netsniff-ng: Add dissector for Linux "cooked" packets
Added dissector_sll.c which uses sockaddr_ll to lookup & print higher L3 layer protocol. This dissector is mapped by LINKTYPE_LINUX_SLL link type. Sample output of dissected Netlink & Ethernet packets. Truncated manually some longer lines by "...": > nlmon0 20 1434193547s.717131169ns #6 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ] [ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)... > wlp3s0 52 1434194181s.436224709ns #9 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ] [ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ... ), CSum (0x1ef5) is ok ] [ Geo (local => Ukraine) ] [ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ... [ Chr .....w.Rj).. ] [ Hex XX XX XX XX XX XX XX XX XX XX XX XX ]
Signed-off-by: Vadim Kochan
Signed-off-by: Daniel Borkmann
---
 dissector.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'dissector.c')
diff --git a/dissector.c b/dissector.c
index 4cad588..6aa253d 100644
--- a/dissector.c
+++ b/dissector.c
@@ -14,6 +14,7 @@
 #include "proto.h"
 #include "dissector.h"
 #include "dissector_eth.h"
+#include "dissector_sll.h"
 #include "dissector_80211.h"
 #include "dissector_netlink.h"
 #include "linktype.h"
@@ -61,7 +62,7 @@ static void dissector_main(struct pkt_buff *pkt, struct protocol *start,
 }
 
 void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode,
- uint16_t proto)
+ struct sockaddr_ll *sll)
 {
 struct protocol *proto_start, *proto_end;
 struct pkt_buff *pkt;
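Review bot: The new `struct sockaddr_ll *sll` parameter of dissector_entry_point carries no statement of whether it may be NULL or how long it must stay valid, and the @@ -71 hunk stores it in `pkt->sll` as a borrowed pointer. The callers and the SLL dissector are outside this diff; if any path (reading a capture file, for instance) has no socket address to hand over, whatever consumes `pkt->sll` needs a NULL check. A comment above the function should state the contract that actually holds, along the lines of `/* sll: borrowed from the caller for the duration of the call; <may / must not> be NULL */`. If the dissectors only read the address, `const struct sockaddr_ll *sll` would make that explicit, provided the `pkt_buff` field can be const as well. The function body runs past the end of the hunk.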
@@ -71,7 +72,7 @@ void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode,
 
 pkt = pkt_alloc(packet, len);
 pkt->link_type = linktype;
- pkt->proto = proto;
+ pkt->sll = sll;
 
 switch (linktype) {
 case LINKTYPE_EN10MB:
@@ -91,6 +92,11 @@ void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode,
 proto_start = dissector_get_netlink_entry_point();
 proto_end = dissector_get_netlink_exit_point();
 break;
+ case LINKTYPE_LINUX_SLL:
+ case ___constant_swab32(LINKTYPE_LINUX_SLL):
+ proto_start = dissector_get_sll_entry_point();
+ proto_end = dissector_get_sll_exit_point();
+ break;
 default:
 proto_start = &none_ops;
 proto_end = NULL;
@@ -120,6 +126,7 @@ void dissector_init_all(int fnttype)
 dissector_init_ethernet(fnttype);
 dissector_init_ieee80211(fnttype);
 dissector_init_netlink(fnttype);
+ dissector_init_sll(fnttype);
 }
 
 void dissector_cleanup_all(void)
@@ -127,4 +134,5 @@ void dissector_cleanup_all(void)
 dissector_cleanup_ethernet();
 dissector_cleanup_ieee80211();
 dissector_cleanup_netlink();
+ dissector_cleanup_sll();
 }
-- cgit v1.2.3-54-g00ecf
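Review bot: The `case ___constant_swab32(LINKTYPE_LINUX_SLL):` label in the @@ -91 hunk has no comment saying why a byte-swapped link type is accepted; if the intent is to handle a link type read from an opposite-endian capture file, a line such as `/* link type as stored by an opposite-endian capture file */` would record that. A swapped value presumably cannot come from a live packet socket, so on that path `pkt->sll` would not have been filled in by the kernel. It is worth confirming that the SLL dissector (not shown here) checks `pkt->sll` for NULL and bounds `sll_halen` by the size of `sll_addr` before printing the source address. The switch statement begins and ends outside the hunk.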