You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 lines
2.4 KiB
92 lines
2.4 KiB
From 23d2673796e60c7fea6ba218eb084cbd59e7271b Mon Sep 17 00:00:00 2001 |
|
From: Daniel Borkmann <dborkman@redhat.com> |
|
Date: Mon, 18 Nov 2013 15:39:37 -0800 |
|
Subject: [PATCH] linktype: add netlink link/dlt type |
|
|
|
With Linux 3.11, we have the possibility to debug local netlink traffic |
|
[1] i.e. the workflow looks like this: |
|
|
|
Setup: |
|
modprobe nlmon |
|
ip link add type nlmon |
|
ip link set nlmon0 up |
|
|
|
Capture: |
|
tcpdump -i nlmon0 ... |
|
|
|
Teardown: |
|
ip link set nlmon0 down |
|
ip link del dev nlmon0 |
|
rmmod nlmon |
|
|
|
For pcap interoperability, introduce a common link type for netlink |
|
captures. |
|
--- |
|
pcap-common.c | 7 ++++++- |
|
pcap-linux.c | 13 +++++++++++++ |
|
pcap/bpf.h | 7 ++++++- |
|
3 files changed, 25 insertions(+), 2 deletions(-) |
|
|
|
diff --git a/pcap-common.c b/pcap-common.c |
|
index 6175a5a..f26d22e 100644 |
|
--- a/pcap-common.c |
|
+++ b/pcap-common.c |
|
@@ -932,7 +932,12 @@ |
|
*/ |
|
#define LINKTYPE_WIRESHARK_UPPER_PDU 252 |
|
|
|
-#define LINKTYPE_MATCHING_MAX 252 /* highest value in the "matching" range */ |
|
+/* |
|
+ * Link-layer header type for the netlink protocol (nlmon devices). |
|
+ */ |
|
+#define LINKTYPE_NETLINK 253 |
|
+ |
|
+#define LINKTYPE_MATCHING_MAX 253 /* highest value in the "matching" range */ |
|
|
|
static struct linktype_map { |
|
int dlt; |
|
diff --git a/pcap-linux.c b/pcap-linux.c |
|
index e817382..0651522 100644 |
|
--- a/pcap-linux.c |
|
+++ b/pcap-linux.c |
|
@@ -2972,6 +2972,19 @@ static void map_arphrd_to_dlt(pcap_t *handle, int arptype, int cooked_ok) |
|
handle->linktype = DLT_IEEE802_15_4_NOFCS; |
|
break; |
|
|
|
+#ifndef ARPHRD_NETLINK |
|
+#define ARPHRD_NETLINK 824 |
|
+#endif |
|
+ case ARPHRD_NETLINK: |
|
+ handle->linktype = DLT_NETLINK; |
|
+ /* |
|
+ * We need to use cooked mode, so that in sll_protocol we |
|
+ * pick up the netlink protocol type such as NETLINK_ROUTE, |
|
+ * NETLINK_GENERIC, NETLINK_FIB_LOOKUP, etc. |
|
+ */ |
|
+ handle->cooked = 1; |
|
+ break; |
|
+ |
|
default: |
|
handle->linktype = -1; |
|
break; |
|
diff --git a/pcap/bpf.h b/pcap/bpf.h |
|
index ad36eb6..8286ed5 100644 |
|
--- a/pcap/bpf.h |
|
+++ b/pcap/bpf.h |
|
@@ -1224,7 +1224,12 @@ struct bpf_program { |
|
*/ |
|
#define DLT_WIRESHARK_UPPER_PDU 252 |
|
|
|
-#define DLT_MATCHING_MAX 252 /* highest value in the "matching" range */ |
|
+/* |
|
+ * DLT type for the netlink protocol (nlmon devices). |
|
+ */ |
|
+#define DLT_NETLINK 253 |
|
+ |
|
+#define DLT_MATCHING_MAX 253 /* highest value in the "matching" range */ |
|
|
|
/* |
|
* DLT and savefile link type values are split into a class and |
|
-- |
|
2.4.3 |
|
|
|
|