From 23d2673796e60c7fea6ba218eb084cbd59e7271b Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Mon, 18 Nov 2013 15:39:37 -0800 Subject: [PATCH] linktype: add netlink link/dlt type With Linux 3.11, we have the possibility to debug local netlink traffic [1] i.e. the workflow looks like this: Setup: modprobe nlmon ip link add type nlmon ip link set nlmon0 up Capture: tcpdump -i nlmon0 ... Teardown: ip link set nlmon0 down ip link del dev nlmon0 rmmod nlmon For pcap interoperability, introduce a common link type for netlink captures.
---
 pcap-common.c | 7 ++++++-
 pcap-linux.c | 13 +++++++++++++
 pcap/bpf.h | 7 ++++++-
 3 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/pcap-common.c b/pcap-common.c
index 6175a5a..f26d22e 100644
--- a/pcap-common.c
+++ b/pcap-common.c
@@ -932,7 +932,12 @@
 */
 #define LINKTYPE_WIRESHARK_UPPER_PDU 252
-#define LINKTYPE_MATCHING_MAX 252 /* highest value in the "matching" range */
+/*
+ * Link-layer header type for the netlink protocol (nlmon devices).
+ */
+#define LINKTYPE_NETLINK 253
+
+#define LINKTYPE_MATCHING_MAX 253 /* highest value in the "matching" range */
 static struct linktype_map {
 int dlt;
diff --git a/pcap-linux.c b/pcap-linux.c
index e817382..0651522 100644
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -2972,6 +2972,19 @@ static void map_arphrd_to_dlt(pcap_t *handle, int arptype, int cooked_ok)
 handle->linktype = DLT_IEEE802_15_4_NOFCS;
 break;
+#ifndef ARPHRD_NETLINK
+#define ARPHRD_NETLINK 824
+#endif
+ case ARPHRD_NETLINK:
+ handle->linktype = DLT_NETLINK;
+ /*
+ * We need to use cooked mode, so that in sll_protocol we
+ * pick up the netlink protocol type such as NETLINK_ROUTE,
+ * NETLINK_GENERIC, NETLINK_FIB_LOOKUP, etc.
+ */
+ handle->cooked = 1;
+ break;
+
 default:
 handle->linktype = -1;
 break;
diff --git a/pcap/bpf.h b/pcap/bpf.h
index ad36eb6..8286ed5 100644
--- a/pcap/bpf.h
+++ b/pcap/bpf.h
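Review bot: The comment added above `LINKTYPE_NETLINK` names the link type but does not say what a captured record contains, so a savefile reader cannot tell how many header bytes to expect before the netlink message. The pcap-linux.c hunk in this patch forces cooked mode for these devices, so the records presumably begin with a Linux cooked-capture header whose protocol field holds the netlink family. If that is the intended format, say so here, for example `/* Netlink capture (nlmon): Linux cooked header with the netlink family in the protocol field, followed by the netlink message. */`. The same description belongs on the `DLT_NETLINK` comment in the pcap/bpf.h hunk.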
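Review bot: The new `case ARPHRD_NETLINK:` sets `handle->cooked = 1` without looking at the `cooked_ok` argument shown in the hunk header's signature, so a caller passing `cooked_ok == 0` would still get `DLT_NETLINK` with the cooked flag set. If that argument means what its name suggests, guard the case, e.g. `if (!cooked_ok) { handle->linktype = -1; break; }` ahead of the assignment. It is also worth confirming in the caller, which is outside this hunk, that setting the flag here is enough to have the cooked header actually produced for each packet. If the caller picks cooked mode from the returned link type, `DLT_NETLINK` has to be in that check, otherwise files tagged 253 would not contain the header the comment relies on. map_arphrd_to_dlt starts and ends outside the hunk.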
@@ -1224,7 +1224,12 @@ struct bpf_program {
 */
 #define DLT_WIRESHARK_UPPER_PDU 252
-#define DLT_MATCHING_MAX 252 /* highest value in the "matching" range */
+/*
+ * DLT type for the netlink protocol (nlmon devices).
+ */
+#define DLT_NETLINK 253
+
+#define DLT_MATCHING_MAX 253 /* highest value in the "matching" range */
 /*
 * DLT and savefile link type values are split into a class and
--
2.4.3