From 5f4152b01e17433b29e3f9cc1407b60800b1e0b9 Mon Sep 17 00:00:00 2001
From: Tobias Klauser
Date: Wed, 28 May 2014 14:32:10 +0200
Subject: netsniff-ng: Add netlink dissector

Add an initial implementation of a dissector to work on netlink messages as received from an nlmon device. Use can use it as follows to monitor netlink traffic to/from the kernel:
modprobe nlmon
ip link add type nlmon
ip link set nlmon0 up
netsniff-ng -i nlmon0
ip link set nlmon 0 down
ip link del dev nlmon0
rmmod nlmon
Fixes: #89
Suggested-by: Daniel Borkmann
Signed-off-by: Tobias Klauser
---
dissector_netlink.h | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 dissector_netlink.h
(limited to 'dissector_netlink.h')
diff --git a/dissector_netlink.h b/dissector_netlink.h
new file mode 100644
index 0000000..185881c
--- /dev/null
+++ b/dissector_netlink.h
@@ -0,0 +1,37 @@
+/*
+ * netsniff-ng - the packet sniffing beast
+ * Copyright 2014 Tobias Klauser.
+ * Subject to the GPL, version 2.
+ */
+
+#ifndef DISSECTOR_NETLINK_H
+#define DISSECTOR_NETLINK_H
+
+#include "protos.h"
+
+extern void dissector_init_netlink(int fnttype);
+extern void dissector_cleanup_netlink(void);
+
+#ifdef HAVE_DISSECTOR_PROTOS
+static inline struct protocol *dissector_get_netlink_entry_point(void)
+{
+ return &nlmsg_ops;
+}
+
+static inline struct protocol *dissector_get_netlink_exit_point(void)
+{
+ return &none_ops;
+}
+#else
+static inline struct protocol *dissector_get_netlink_entry_point(void)
+{
+ return NULL;
+}
+
+static inline struct protocol *dissector_get_netlink_exit_point(void)
+{
+ return NULL;
+}
+#endif /* HAVE_DISSECTOR_PROTOS */
+
+#endif /* DISSECTOR_NETLINK_H */
-- 
cgit v1.2.3-54-g00ecf
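Review bot: Both accessors in the `#else` branch return NULL when HAVE_DISSECTOR_PROTOS is undefined, and nothing in the header tells callers that the entry and exit points may be absent. I would add a comment above the `#ifdef`, for example `/* Entry/exit points are NULL when built without HAVE_DISSECTOR_PROTOS; callers must check before dereferencing. */`, and a one-line comment stating what `fnttype` selects in `dissector_init_netlink()`. `nlmsg_ops` and `none_ops` are presumably declared by `protos.h`, which is not shown here. The dissector behind `nlmsg_ops` is also outside this page (the view is limited to this header), so whether it validates `nlmsg_len` against the captured length before printing fields cannot be checked from here and should be reviewed with the implementation file.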