[netsniff-ng] [PATCH 0/3] Add suport for Linux "cooked" header sniff & dissect

Sat, 13 Jun 2015 05:32:27 -0700 

This series adds supporting of Linux "cooked" header

        http://www.tcpdump.org/linktypes/LINKTYPE_NETLINK.html

which is compatible with Wireshark. Also it can be dissected by new
dissector_sll.c while dumping.

Needs to test on archs's with different byte ordering.

1) Moved some device's stuff string conversion functions from proto_nlmsg.c
to dev.c to be used in dissector_sll.c

2) Add suporting Linux "cooked" header.
Added -w,--cooked option which replaces L2 header frame with cooked
header for each frame and allows to dump & dissect Ethernet & Netlink
packets together.

Linux "cooked" header is automatically used for Netlink link type
for the other cases (for -i any) it needs to specify "--cooked" option.

Used dgram packet socket when sniffing with "--cooked" option
to pull L2 header and wrap packet with Linux "cooked" header, it allows
compatibility with Wireshark.

3) Added dissector_sll.c to dissect packets with Linux "cooked" header.
Meanwhile it can dump only Netlink & Ethernet protos (L3 layer). This
dissector is used if link type is LINKTYPE_LINUX_SLL.

Vadim Kochan (3):
  dev: Add device string convertions (addr, dev type)
  netsniff-ng: Add support of Linux "cooked" header
  netsniff-ng: Add dissector for Linux "cooked" packets

 dev.c                | 111 +++++++++++++++
 dev.h                |   3 +
 dissector.c          |  12 +-
 dissector.h          |   2 +-
 dissector_sll.c      | 114 +++++++++++++++
 dissector_sll.h      |  18 +++
 linktype.h           |   1 +
 netsniff-ng.8        |  16 ++-
 netsniff-ng.c        |  35 +++--
 netsniff-ng/Makefile |   1 +
 pcap_io.h            | 390 ++++++++++++++++++++++++++++++++++++---------------
 pcap_mm.c            |  28 +++-
 pcap_rw.c            |  30 +++-
 pcap_sg.c            |  83 +++++------
 pkt_buff.h           |   2 +-
 proto_nlmsg.c        | 120 +---------------
 sock.c               |  10 ++
 sock.h               |   1 +
 18 files changed, 688 insertions(+), 289 deletions(-)
 create mode 100644 dissector_sll.c
 create mode 100644 dissector_sll.h

-- 
2.4.2

-- 
You received this message because you are subscribed to the Google Groups 
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to netsniff-ng+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to