From: Vadim Kochan <vadi...@gmail.com> nlmsg proto handler can't identify Netlink protocol from nlmsghdr, so sockaddr_ll can be used to get it.
Also renamed [proto -> handler] member in pkt_buff struct, which is more understandable. Example: >U nlmon0 4756 1429891435s.14505747ns [ NLMSG Proto 0 (RTNETLINK), Len 1160, Type 0x0010 (0x10), Flags 0x0002 (MULTI), Seq-Nr 1429891436, PID 31613 ] Signed-off-by: Vadim Kochan <vadi...@gmail.com> --- dissector.c | 18 ++++++++++-------- dissector.h | 3 ++- netsniff-ng.c | 14 +++++++++----- pkt_buff.h | 19 ++++++++++--------- proto_nlmsg.c | 34 ++++++++++++++++++++++++++++++++++ 5 files changed, 65 insertions(+), 23 deletions(-) diff --git a/dissector.c b/dissector.c index 7c8ba39..5f60a11 100644 --- a/dissector.c +++ b/dissector.c @@ -42,25 +42,26 @@ int dissector_set_print_type(void *ptr, int type) static void dissector_main(struct pkt_buff *pkt, struct protocol *start, struct protocol *end) { - struct protocol *proto; + struct protocol *handler; if (!start) return; - for (pkt->proto = start; pkt->proto; ) { - if (unlikely(!pkt->proto->process)) + for (pkt->handler = start; pkt->handler; ) { + if (unlikely(!pkt->handler->process)) break; - proto = pkt->proto; - pkt->proto = NULL; - proto->process(pkt); + handler = pkt->handler; + pkt->handler = NULL; + handler->process(pkt); } if (end && likely(end->process)) end->process(pkt); } -void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode) +void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode, + uint16_t proto) { struct protocol *proto_start, *proto_end; struct pkt_buff *pkt; @@ -69,7 +70,8 @@ void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode) return; pkt = pkt_alloc(packet, len); - pkt->link_type = linktype; + pkt->link_type = linktype; + pkt->proto = proto; switch (linktype) { case LINKTYPE_EN10MB: diff --git a/dissector.h b/dissector.h index fc20eda..b2fb6b9 100644 --- a/dissector.h +++ b/dissector.h @@ -100,7 +100,8 @@ static inline void show_frame_hdr(uint8_t *packet, size_t len, int linktype, } extern void dissector_init_all(int fnttype); -extern void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode); +extern void dissector_entry_point(uint8_t *packet, size_t len, int linktype, + int mode, uint16_t proto); extern void dissector_cleanup_all(void); extern int dissector_set_print_type(void *ptr, int type); diff --git a/netsniff-ng.c b/netsniff-ng.c index ee9dc38..a239b8b 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -311,7 +311,8 @@ static void pcap_to_xmit(struct ctx *ctx) ctx->link_type, hdr, ctx->print_mode); dissector_entry_point(out, hdr->tp_h.tp_snaplen, - ctx->link_type, ctx->print_mode); + ctx->link_type, ctx->print_mode, + hdr->s_ll.sll_protocol); kernel_may_pull_from_tx(&hdr->tp_h); @@ -460,7 +461,8 @@ static void receive_to_xmit(struct ctx *ctx) ctx->link_type, hdr_in, ctx->print_mode); dissector_entry_point(in, hdr_in->tp_h.tp_snaplen, - ctx->link_type, ctx->print_mode); + ctx->link_type, ctx->print_mode, + hdr_in->s_ll.sll_protocol); if (frame_count_max != 0) { if (frame_count >= frame_count_max) { @@ -643,7 +645,8 @@ static void read_pcap(struct ctx *ctx) ctx->print_mode); dissector_entry_point(out, fm.tp_h.tp_snaplen, - ctx->link_type, ctx->print_mode); + ctx->link_type, ctx->print_mode, + fm.s_ll.sll_protocol); if (is_out_pcap) { size_t pcap_len = pcap_get_length(&phdr, ctx->magic); @@ -897,7 +900,7 @@ static void walk_t3_block(struct block_desc *pbd, struct ctx *ctx, hdr, ctx->print_mode, true); dissector_entry_point(packet, hdr->tp_snaplen, ctx->link_type, - ctx->print_mode); + ctx->print_mode, sll->sll_protocol); next: hdr = (void *) ((uint8_t *) hdr + hdr->tp_next_offset); sll = (void *) ((uint8_t *) hdr + TPACKET_ALIGN(sizeof(*hdr))); @@ -1031,7 +1034,8 @@ static void recv_only_or_dump(struct ctx *ctx) ctx->link_type, hdr, ctx->print_mode); dissector_entry_point(packet, hdr->tp_h.tp_snaplen, - ctx->link_type, ctx->print_mode); + ctx->link_type, ctx->print_mode, + hdr->s_ll.sll_protocol); if (frame_count_max != 0) { if (unlikely(frame_count >= frame_count_max)) { diff --git a/pkt_buff.h b/pkt_buff.h index 1350388..d51e3d3 100644 --- a/pkt_buff.h +++ b/pkt_buff.h @@ -19,19 +19,20 @@ struct pkt_buff { uint8_t *tail; unsigned int size; - struct protocol *proto; + struct protocol *handler; int link_type; + uint16_t proto; }; static inline struct pkt_buff *pkt_alloc(uint8_t *packet, unsigned int len) { struct pkt_buff *pkt = xmalloc(sizeof(*pkt)); - pkt->head = packet; - pkt->data = packet; - pkt->tail = packet + len; - pkt->size = len; - pkt->proto = NULL; + pkt->head = packet; + pkt->data = packet; + pkt->tail = packet + len; + pkt->size = len; + pkt->handler = NULL; return pkt; } @@ -105,9 +106,9 @@ static inline void pkt_set_proto(struct pkt_buff *pkt, struct hash_table *table, { bug_on(!pkt || !table); - pkt->proto = lookup_hash(key, table); - while (pkt->proto && key != pkt->proto->key) - pkt->proto = pkt->proto->next; + pkt->handler = lookup_hash(key, table); + while (pkt->handler && key != pkt->handler->key) + pkt->handler = pkt->handler->next; } #endif /* PKT_BUFF_H */ diff --git a/proto_nlmsg.c b/proto_nlmsg.c index 787d9d6..f7368b2 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c @@ -14,12 +14,42 @@ #include "proto.h" #include "protos.h" +static char *nl_proto2str(uint16_t proto) +{ + switch (proto) { + case NETLINK_ROUTE: return "RTNETLINK"; + case NETLINK_UNUSED: return "UNUSED"; + case NETLINK_USERSOCK: return "USERSOCK"; + case NETLINK_FIREWALL: return "FIREWALL"; + case NETLINK_SOCK_DIAG: return "SOCK_DIAG"; + case NETLINK_NFLOG: return "NFLOG"; + case NETLINK_XFRM: return "XFRM"; + case NETLINK_SELINUX: return "SELINUX"; + case NETLINK_ISCSI: return "ISCSI"; + case NETLINK_AUDIT: return "AUDIT"; + case NETLINK_FIB_LOOKUP: return "FIB_LOOKUP"; + case NETLINK_CONNECTOR: return "CONNECTOR"; + case NETLINK_NETFILTER: return "NETFILTER"; + case NETLINK_IP6_FW: return "IP6_FW"; + case NETLINK_DNRTMSG: return "DNRTMSG"; + case NETLINK_KOBJECT_UEVENT: return "UEVENT"; + case NETLINK_GENERIC: return "GENERIC"; + case NETLINK_SCSITRANSPORT: return "SCSI"; + case NETLINK_ECRYPTFS: return "ECRYPTFS"; + case NETLINK_RDMA: return "RDMA"; + case NETLINK_CRYPTO: return "CRYPTO"; + } + + return NULL; +} + static void nlmsg(struct pkt_buff *pkt) { struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); char type[32]; char flags[128]; char procname[PATH_MAX]; + char *proto_name; if (hdr == NULL) return; @@ -43,7 +73,11 @@ static void nlmsg(struct pkt_buff *pkt) } else snprintf(procname, sizeof(procname), "kernel"); + proto_name = nl_proto2str(ntohs(pkt->proto)); + tprintf(" [ NLMSG "); + tprintf("Proto %d (%s%s%s), ", ntohs(pkt->proto), colorize_start(bold), + proto_name ?: "Unknown", colorize_end()); tprintf("Len %u, ", hdr->nlmsg_len); tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type, colorize_start(bold), -- 2.3.1 -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.