[netsniff-ng] [PATCH v2] netsniff-ng nlmsg: Print multi-part messages
From: Vadim Kochan vadi...@gmail.com
Pull print more Netlink messages from one packet
which can be sent with MULTI flag.
Signed-off-by: Vadim Kochan vadi...@gmail.com
---
proto_nlmsg.c | 44 ++--
1 file changed, 30 insertions(+), 14 deletions(-)
diff --git a/proto_nlmsg.c b/proto_nlmsg.c
index 136cec6..1b0eed7 100644
--- a/proto_nlmsg.c
+++ b/proto_nlmsg.c
@@ -133,16 +133,12 @@ static char *nlmsg_type2str(uint16_t proto, uint16_t
type, char *buf, int len)
return nl_nlmsgtype2str(type, buf, len);
}
-static void nlmsg(struct pkt_buff *pkt)
+static void nlmsg_print(uint16_t family, struct nlmsghdr *hdr)
{
- struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr));
char type[32];
char flags[128];
char procname[PATH_MAX];
- if (hdr == NULL)
- return;
-
/* Look up the process name if message is not coming from the kernel.
*
* Note that the port id is not necessarily equal to the PID of the
@@ -163,13 +159,15 @@ static void nlmsg(struct pkt_buff *pkt)
snprintf(procname, sizeof(procname), kernel);
tprintf( [ NLMSG );
- tprintf(Family %d (%s%s%s), , ntohs(pkt-proto), colorize_start(bold),
- nlmsg_family2str(ntohs(pkt-proto)), colorize_end());
+ tprintf(Family %d (%s%s%s), , family,
+ colorize_start(bold),
+ nlmsg_family2str(family),
+ colorize_end());
tprintf(Len %u, , hdr-nlmsg_len);
tprintf(Type 0x%.4x (%s%s%s), , hdr-nlmsg_type,
colorize_start(bold),
- nlmsg_type2str(ntohs(pkt-proto), hdr-nlmsg_type, type,
- sizeof(type)), colorize_end());
+ nlmsg_type2str(family, hdr-nlmsg_type, type, sizeof(type)),
+ colorize_end());
tprintf(Flags 0x%.4x (%s%s%s), , hdr-nlmsg_flags,
colorize_start(bold),
nl_nlmsg_flags2str(hdr-nlmsg_flags, flags, sizeof(flags)),
@@ -182,19 +180,37 @@ static void nlmsg(struct pkt_buff *pkt)
tprintf( ]\n);
}
+static void nlmsg(struct pkt_buff *pkt)
+{
+ struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr));
+
+ while (hdr) {
+ nlmsg_print(ntohs(pkt-proto), hdr);
+
+ if (!pkt_pull(pkt, NLMSG_PAYLOAD(hdr, 0)))
+ break;
+
+ hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr));
+ }
+}
+
static void nlmsg_less(struct pkt_buff *pkt)
{
struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr));
+ uint16_t family = ntohs(pkt-proto);
char type[32];
if (hdr == NULL)
return;
- tprintf( NLMSG Family %d (%s%s%s), , ntohs(pkt-proto),
colorize_start(bold),
- nlmsg_family2str(ntohs(pkt-proto)), colorize_end());
- tprintf(Type %u (%s%s%s), hdr-nlmsg_type, colorize_start(bold),
- nlmsg_type2str(ntohs(pkt-proto), hdr-nlmsg_type, type,
- sizeof(type)), colorize_end());
+ tprintf( NLMSG Family %d (%s%s%s), , family,
+ colorize_start(bold),
+ nlmsg_family2str(family),
+ colorize_end());
+ tprintf(Type %u (%s%s%s), hdr-nlmsg_type,
+ colorize_start(bold),
+ nlmsg_type2str(family, hdr-nlmsg_type, type, sizeof(type)),
+ colorize_end());
}
struct protocol nlmsg_ops = {
--
2.3.1
--
You received this message because you are subscribed to the Google Groups
netsniff-ng group.
To unsubscribe from this group and stop receiving emails from it, send an email
to netsniff-ng+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[netsniff-ng] [PATCH] netsniff-ng nlmsg: Dissect rtnl link type messages
From: Vadim Kochan vadi...@gmail.com
Dump RTnetlink interface related info with attributes.
Signed-off-by: Vadim Kochan vadi...@gmail.com
---
netsniff-ng/Makefile | 2 +
proto_nlmsg.c| 232 +++
2 files changed, 234 insertions(+)
diff --git a/netsniff-ng/Makefile b/netsniff-ng/Makefile
index 9fe2ffe..92990ff 100644
--- a/netsniff-ng/Makefile
+++ b/netsniff-ng/Makefile
@@ -1,5 +1,6 @@
netsniff-ng-libs = $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH)
$(PKG_CONFIG) --libs libnl-3.0) \
$(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH)
$(PKG_CONFIG) --libs libnl-genl-3.0) \
+ $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH)
$(PKG_CONFIG) --libs libnl-route-3.0) \
-lpthread
ifeq ($(CONFIG_LIBPCAP), 1)
@@ -78,6 +79,7 @@ endif
netsniff-ng-eflags = $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(PKG_CONFIG)
--cflags libnl-3.0) \
$(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(PKG_CONFIG)
--cflags libnl-genl-3.0) \
+$(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(PKG_CONFIG)
--cflags libnl-route-3.0) \
-DNEED_TCPDUMP_LIKE_FILTER
netsniff-ng-confs =ether.conf \
diff --git a/proto_nlmsg.c b/proto_nlmsg.c
index 1b0eed7..c482df1 100644
--- a/proto_nlmsg.c
+++ b/proto_nlmsg.c
@@ -9,6 +9,9 @@
#include limits.h
#include libgen.h
#include netlink/msg.h
+#include netlink/route/link.h
+#include linux/if_arp.h
+#include arpa/inet.h
#include pkt_buff.h
#include proto.h
@@ -120,6 +123,114 @@ static const char *nlmsg_rtnl_type2str(uint16_t type)
}
}
+static char *if_type2str(uint16_t type)
+{
+ switch (type) {
+ case ARPHRD_ETHER: return ether;
+ case ARPHRD_EETHER: return eether;
+ case ARPHRD_AX25: return ax25;
+ case ARPHRD_PRONET: return pronet;
+ case ARPHRD_CHAOS: return chaos;
+ case ARPHRD_IEEE802: return ieee802;
+ case ARPHRD_ARCNET: return arcnet;
+ case ARPHRD_APPLETLK: return appletlk;
+ case ARPHRD_DLCI: return dlci;
+ case ARPHRD_ATM: return atm;
+ case ARPHRD_METRICOM: return metricom;
+ case ARPHRD_IEEE1394: return ieee1394;
+ case ARPHRD_INFINIBAND: return infiniband;
+ case ARPHRD_SLIP: return slip;
+ case ARPHRD_CSLIP: return cslip;
+ case ARPHRD_SLIP6: return slip6;
+ case ARPHRD_CSLIP6: return cslip6;
+ case ARPHRD_RSRVD: return RSRVD;
+ case ARPHRD_ADAPT: return adapt;
+ case ARPHRD_ROSE: return rose;
+ case ARPHRD_X25: return x25;
+ case ARPHRD_HWX25: return hwx25;
+ case ARPHRD_CAN: return can;
+ case ARPHRD_PPP: return ppp;
+ case ARPHRD_HDLC: return hdlc;
+ case ARPHRD_LAPB: return lapb;
+ case ARPHRD_DDCMP: return ddcmp;
+ case ARPHRD_RAWHDLC: return rawhdlc;
+ case ARPHRD_TUNNEL: return tunnel;
+ case ARPHRD_TUNNEL6: return tunnel6;
+ case ARPHRD_FRAD: return frad;
+ case ARPHRD_SKIP: return skip;
+ case ARPHRD_LOOPBACK: return loopback;
+ case ARPHRD_LOCALTLK: return localtlk;
+ case ARPHRD_FDDI: return fddi;
+ case ARPHRD_BIF: return bif;
+ case ARPHRD_SIT: return sit;
+ case ARPHRD_IPDDP: return ipddp;
+ case ARPHRD_IPGRE: return ipgre;
+ case ARPHRD_PIMREG: return pimreg;
+ case ARPHRD_HIPPI: return hippi;
+ case ARPHRD_ASH: return ash;
+ case ARPHRD_ECONET: return econet;
+ case ARPHRD_IRDA: return irda;
+ case ARPHRD_FCPP: return fcpp;
+ case ARPHRD_FCAL: return fcal;
+ case ARPHRD_FCPL: return fcpl;
+ case ARPHRD_FCFABRIC: return fcfb0;
+ case ARPHRD_FCFABRIC + 1: return fcfb1;
+ case ARPHRD_FCFABRIC + 2: return fcfb2;
+ case ARPHRD_FCFABRIC + 3: return fcfb3;
+ case ARPHRD_FCFABRIC + 4: return fcfb4;
+ case ARPHRD_FCFABRIC + 5: return fcfb5;
+ case ARPHRD_FCFABRIC + 6: return fcfb6;
+ case ARPHRD_FCFABRIC + 7: return fcfb7;
+ case ARPHRD_FCFABRIC + 8: return fcfb8;
+ case ARPHRD_FCFABRIC + 9: return fcfb9;
+ case ARPHRD_FCFABRIC + 10: return fcfb10;
+ case ARPHRD_FCFABRIC + 11: return fcfb11;
+ case ARPHRD_FCFABRIC + 12: return fcfb12;
+ case ARPHRD_IEEE802_TR: return ieee802_tr;
+ case ARPHRD_IEEE80211: return ieee80211;
+ case ARPHRD_IEEE80211_PRISM: return ieee80211_prism;
+ case ARPHRD_IEEE80211_RADIOTAP: return ieee80211_radiotap;
+ case ARPHRD_IEEE802154: return ieee802154;
+ case ARPHRD_PHONET: return phonet;
+ case ARPHRD_PHONET_PIPE: return phonet_pipe;
+ case ARPHRD_CAIF: return caif;
+ case ARPHRD_IP6GRE: return ip6gre;
+ case ARPHRD_NETLINK: return netlink;
+ case ARPHRD_NONE: return none;
+ case ARPHRD_VOID: return void;
+
+ default: return Unknown;
+ }
+}
+
+static const char *if_addr2str(const unsigned char *addr, int alen, int
Re: [netsniff-ng] [PATCH v2] netsniff-ng nlmsg: Print multi-part messages
On 2015-05-18 at 10:36:53 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Pull print more Netlink messages from one packet which can be sent with MULTI flag. Signed-off-by: Vadim Kochan vadi...@gmail.com Thanks! I applied this now. -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
