|
 |
9b1536 |
From 23d2673796e60c7fea6ba218eb084cbd59e7271b Mon Sep 17 00:00:00 2001
|
|
|
9b1536 |
From: Daniel Borkmann <dborkman@redhat.com>
|
|
|
9b1536 |
Date: Mon, 18 Nov 2013 15:39:37 -0800
|
|
|
9b1536 |
Subject: [PATCH] linktype: add netlink link/dlt type
|
|
|
9b1536 |
|
|
|
9b1536 |
With Linux 3.11, we have the possibility to debug local netlink traffic
|
|
|
9b1536 |
[1] i.e. the workflow looks like this:
|
|
|
9b1536 |
|
|
|
9b1536 |
Setup:
|
|
|
9b1536 |
modprobe nlmon
|
|
|
9b1536 |
ip link add type nlmon
|
|
|
9b1536 |
ip link set nlmon0 up
|
|
|
9b1536 |
|
|
|
9b1536 |
Capture:
|
|
|
9b1536 |
tcpdump -i nlmon0 ...
|
|
|
9b1536 |
|
|
|
9b1536 |
Teardown:
|
|
|
9b1536 |
ip link set nlmon0 down
|
|
|
9b1536 |
ip link del dev nlmon0
|
|
|
9b1536 |
rmmod nlmon
|
|
|
9b1536 |
|
|
|
9b1536 |
For pcap interoperability, introduce a common link type for netlink
|
|
|
9b1536 |
captures.
|
|
|
9b1536 |
---
|
|
|
9b1536 |
pcap-common.c | 7 ++++++-
|
|
|
9b1536 |
pcap-linux.c | 13 +++++++++++++
|
|
|
9b1536 |
pcap/bpf.h | 7 ++++++-
|
|
|
9b1536 |
3 files changed, 25 insertions(+), 2 deletions(-)
|
|
|
9b1536 |
|
|
|
9b1536 |
diff --git a/pcap-common.c b/pcap-common.c
|
|
|
9b1536 |
index 6175a5a..f26d22e 100644
|
|
|
9b1536 |
--- a/pcap-common.c
|
|
|
9b1536 |
+++ b/pcap-common.c
|
|
|
9b1536 |
@@ -932,7 +932,12 @@
|
|
|
9b1536 |
*/
|
|
|
9b1536 |
#define LINKTYPE_WIRESHARK_UPPER_PDU 252
|
|
|
9b1536 |
|
|
|
9b1536 |
-#define LINKTYPE_MATCHING_MAX 252 /* highest value in the "matching" range */
|
|
|
9b1536 |
+/*
|
|
|
9b1536 |
+ * Link-layer header type for the netlink protocol (nlmon devices).
|
|
|
9b1536 |
+ */
|
|
|
9b1536 |
+#define LINKTYPE_NETLINK 253
|
|
|
9b1536 |
+
|
|
|
9b1536 |
+#define LINKTYPE_MATCHING_MAX 253 /* highest value in the "matching" range */
|
|
|
9b1536 |
|
|
|
9b1536 |
static struct linktype_map {
|
|
|
9b1536 |
int dlt;
|
|
|
9b1536 |
diff --git a/pcap-linux.c b/pcap-linux.c
|
|
|
9b1536 |
index e817382..0651522 100644
|
|
|
9b1536 |
--- a/pcap-linux.c
|
|
|
9b1536 |
+++ b/pcap-linux.c
|
|
|
9b1536 |
@@ -2972,6 +2972,19 @@ static void map_arphrd_to_dlt(pcap_t *handle, int arptype, int cooked_ok)
|
|
|
9b1536 |
handle->linktype = DLT_IEEE802_15_4_NOFCS;
|
|
|
9b1536 |
break;
|
|
|
9b1536 |
|
|
|
9b1536 |
+#ifndef ARPHRD_NETLINK
|
|
|
9b1536 |
+#define ARPHRD_NETLINK 824
|
|
|
9b1536 |
+#endif
|
|
|
9b1536 |
+ case ARPHRD_NETLINK:
|
|
|
9b1536 |
+ handle->linktype = DLT_NETLINK;
|
|
|
9b1536 |
+ /*
|
|
|
9b1536 |
+ * We need to use cooked mode, so that in sll_protocol we
|
|
|
9b1536 |
+ * pick up the netlink protocol type such as NETLINK_ROUTE,
|
|
|
9b1536 |
+ * NETLINK_GENERIC, NETLINK_FIB_LOOKUP, etc.
|
|
|
9b1536 |
+ */
|
|
|
9b1536 |
+ handle->cooked = 1;
|
|
|
9b1536 |
+ break;
|
|
|
9b1536 |
+
|
|
|
9b1536 |
default:
|
|
|
9b1536 |
handle->linktype = -1;
|
|
|
9b1536 |
break;
|
|
|
9b1536 |
diff --git a/pcap/bpf.h b/pcap/bpf.h
|
|
|
9b1536 |
index ad36eb6..8286ed5 100644
|
|
|
9b1536 |
--- a/pcap/bpf.h
|
|
|
9b1536 |
+++ b/pcap/bpf.h
|
|
|
9b1536 |
@@ -1224,7 +1224,12 @@ struct bpf_program {
|
|
|
9b1536 |
*/
|
|
|
9b1536 |
#define DLT_WIRESHARK_UPPER_PDU 252
|
|
|
9b1536 |
|
|
|
9b1536 |
-#define DLT_MATCHING_MAX 252 /* highest value in the "matching" range */
|
|
|
9b1536 |
+/*
|
|
|
9b1536 |
+ * DLT type for the netlink protocol (nlmon devices).
|
|
|
9b1536 |
+ */
|
|
|
9b1536 |
+#define DLT_NETLINK 253
|
|
|
9b1536 |
+
|
|
|
9b1536 |
+#define DLT_MATCHING_MAX 253 /* highest value in the "matching" range */
|
|
|
9b1536 |
|
|
|
9b1536 |
/*
|
|
|
9b1536 |
* DLT and savefile link type values are split into a class and
|
|
|
9b1536 |
--
|
|
|
9b1536 |
2.4.3
|
|
|
9b1536 |
|