[netsniff-ng] [PATCH v2] netsniff-ng nlmsg: Print multi-part messages
From: Vadim Kochan vadi...@gmail.com Pull print more Netlink messages from one packet which can be sent with MULTI flag. Signed-off-by: Vadim Kochan vadi...@gmail.com --- proto_nlmsg.c | 44 ++-- 1 file changed, 30 insertions(+), 14 deletions(-) diff --git a/proto_nlmsg.c b/proto_nlmsg.c index 136cec6..1b0eed7 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c @@ -133,16 +133,12 @@ static char *nlmsg_type2str(uint16_t proto, uint16_t type, char *buf, int len) return nl_nlmsgtype2str(type, buf, len); } -static void nlmsg(struct pkt_buff *pkt) +static void nlmsg_print(uint16_t family, struct nlmsghdr *hdr) { - struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); char type[32]; char flags[128]; char procname[PATH_MAX]; - if (hdr == NULL) - return; - /* Look up the process name if message is not coming from the kernel. * * Note that the port id is not necessarily equal to the PID of the @@ -163,13 +159,15 @@ static void nlmsg(struct pkt_buff *pkt) snprintf(procname, sizeof(procname), kernel); tprintf( [ NLMSG ); - tprintf(Family %d (%s%s%s), , ntohs(pkt-proto), colorize_start(bold), - nlmsg_family2str(ntohs(pkt-proto)), colorize_end()); + tprintf(Family %d (%s%s%s), , family, + colorize_start(bold), + nlmsg_family2str(family), + colorize_end()); tprintf(Len %u, , hdr-nlmsg_len); tprintf(Type 0x%.4x (%s%s%s), , hdr-nlmsg_type, colorize_start(bold), - nlmsg_type2str(ntohs(pkt-proto), hdr-nlmsg_type, type, - sizeof(type)), colorize_end()); + nlmsg_type2str(family, hdr-nlmsg_type, type, sizeof(type)), + colorize_end()); tprintf(Flags 0x%.4x (%s%s%s), , hdr-nlmsg_flags, colorize_start(bold), nl_nlmsg_flags2str(hdr-nlmsg_flags, flags, sizeof(flags)), 
@@ -182,19 +180,37 @@ static void nlmsg(struct pkt_buff *pkt) tprintf( ]\n); } +static void nlmsg(struct pkt_buff *pkt) +{ + struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); + + while (hdr) { + nlmsg_print(ntohs(pkt-proto), hdr); + + if (!pkt_pull(pkt, NLMSG_PAYLOAD(hdr, 0))) + break; + + hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); + } +} + static void nlmsg_less(struct pkt_buff *pkt) { struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr)); + uint16_t family = ntohs(pkt-proto); char type[32]; if (hdr == NULL) return; - tprintf( NLMSG Family %d (%s%s%s), , ntohs(pkt-proto), colorize_start(bold), - nlmsg_family2str(ntohs(pkt-proto)), colorize_end()); - tprintf(Type %u (%s%s%s), hdr-nlmsg_type, colorize_start(bold), - nlmsg_type2str(ntohs(pkt-proto), hdr-nlmsg_type, type, - sizeof(type)), colorize_end()); + tprintf( NLMSG Family %d (%s%s%s), , family, + colorize_start(bold), + nlmsg_family2str(family), + colorize_end()); + tprintf(Type %u (%s%s%s), hdr-nlmsg_type, + colorize_start(bold), + nlmsg_type2str(family, hdr-nlmsg_type, type, sizeof(type)), + colorize_end()); } struct protocol nlmsg_ops = { -- 2.3.1 -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
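Review bot: The new loop in nlmsg() advances by `NLMSG_PAYLOAD(hdr, 0)`, which is `nlmsg_len` from the captured packet minus the header length, with no lower bound and no alignment applied. If `nlmsg_len` is smaller than the header, the unsigned subtraction wraps to a very large value, so the walk relies entirely on pkt_pull()'s own bounds check, which is not visible in this hunk. Netlink also pads each message to NLMSG_ALIGNTO, so after any message whose length is not a multiple of 4 the next `pkt_pull(pkt, sizeof(*hdr))` starts inside the padding and the following header is decoded from the wrong offset. I would add `if (hdr->nlmsg_len < NLMSG_HDRLEN) break;` before the payload pull and advance with `if (!pkt_pull(pkt, NLMSG_ALIGN(hdr->nlmsg_len) - NLMSG_HDRLEN)) break;`. It is also worth confirming what pkt_pull() returns for a zero-length pull, since a header-only message would otherwise end the walk early.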
[netsniff-ng] [PATCH] netsniff-ng nlmsg: Dissect rtnl link type messages
From: Vadim Kochan vadi...@gmail.com Dump RTnetlink interface related info with attributes. Signed-off-by: Vadim Kochan vadi...@gmail.com --- netsniff-ng/Makefile | 2 + proto_nlmsg.c| 232 +++ 2 files changed, 234 insertions(+) diff --git a/netsniff-ng/Makefile b/netsniff-ng/Makefile index 9fe2ffe..92990ff 100644 --- a/netsniff-ng/Makefile +++ b/netsniff-ng/Makefile @@ -1,5 +1,6 @@ netsniff-ng-libs = $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(PKG_CONFIG) --libs libnl-3.0) \ $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(PKG_CONFIG) --libs libnl-genl-3.0) \ + $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(PKG_CONFIG) --libs libnl-route-3.0) \ -lpthread ifeq ($(CONFIG_LIBPCAP), 1) @@ -78,6 +79,7 @@ endif netsniff-ng-eflags = $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(PKG_CONFIG) --cflags libnl-3.0) \ $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(PKG_CONFIG) --cflags libnl-genl-3.0) \ +$(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(PKG_CONFIG) --cflags libnl-route-3.0) \ -DNEED_TCPDUMP_LIKE_FILTER netsniff-ng-confs =ether.conf \ diff --git a/proto_nlmsg.c b/proto_nlmsg.c index 1b0eed7..c482df1 100644 --- a/proto_nlmsg.c +++ b/proto_nlmsg.c @@ -9,6 +9,9 @@ #include limits.h #include libgen.h #include netlink/msg.h +#include netlink/route/link.h +#include linux/if_arp.h +#include arpa/inet.h #include pkt_buff.h #include proto.h 
@@ -120,6 +123,114 @@ static const char *nlmsg_rtnl_type2str(uint16_t type) } } +static char *if_type2str(uint16_t type) +{ + switch (type) { + case ARPHRD_ETHER: return ether; + case ARPHRD_EETHER: return eether; + case ARPHRD_AX25: return ax25; + case ARPHRD_PRONET: return pronet; + case ARPHRD_CHAOS: return chaos; + case ARPHRD_IEEE802: return ieee802; + case ARPHRD_ARCNET: return arcnet; + case ARPHRD_APPLETLK: return appletlk; + case ARPHRD_DLCI: return dlci; + case ARPHRD_ATM: return atm; + case ARPHRD_METRICOM: return metricom; + case ARPHRD_IEEE1394: return ieee1394; + case ARPHRD_INFINIBAND: return infiniband; + case ARPHRD_SLIP: return slip; + case ARPHRD_CSLIP: return cslip; + case ARPHRD_SLIP6: return slip6; + case ARPHRD_CSLIP6: return cslip6; + case ARPHRD_RSRVD: return RSRVD; + case ARPHRD_ADAPT: return adapt; + case ARPHRD_ROSE: return rose; + case ARPHRD_X25: return x25; + case ARPHRD_HWX25: return hwx25; + case ARPHRD_CAN: return can; + case ARPHRD_PPP: return ppp; + case ARPHRD_HDLC: return hdlc; + case ARPHRD_LAPB: return lapb; + case ARPHRD_DDCMP: return ddcmp; + case ARPHRD_RAWHDLC: return rawhdlc; + case ARPHRD_TUNNEL: return tunnel; + case ARPHRD_TUNNEL6: return tunnel6; + case ARPHRD_FRAD: return frad; + case ARPHRD_SKIP: return skip; + case ARPHRD_LOOPBACK: return loopback; + case ARPHRD_LOCALTLK: return localtlk; + case ARPHRD_FDDI: return fddi; + case ARPHRD_BIF: return bif; + case ARPHRD_SIT: return sit; + case ARPHRD_IPDDP: return ipddp; + case ARPHRD_IPGRE: return ipgre; + case ARPHRD_PIMREG: return pimreg; + case ARPHRD_HIPPI: return hippi; + case ARPHRD_ASH: return ash; + case ARPHRD_ECONET: return econet; + case ARPHRD_IRDA: return irda; + case ARPHRD_FCPP: return fcpp; + case ARPHRD_FCAL: return fcal; + case ARPHRD_FCPL: return fcpl; + case ARPHRD_FCFABRIC: return fcfb0; + case ARPHRD_FCFABRIC + 1: return fcfb1; + case ARPHRD_FCFABRIC + 2: return fcfb2; + case ARPHRD_FCFABRIC + 3: return fcfb3; + case ARPHRD_FCFABRIC + 4: return 
fcfb4; + case ARPHRD_FCFABRIC + 5: return fcfb5; + case ARPHRD_FCFABRIC + 6: return fcfb6; + case ARPHRD_FCFABRIC + 7: return fcfb7; + case ARPHRD_FCFABRIC + 8: return fcfb8; + case ARPHRD_FCFABRIC + 9: return fcfb9; + case ARPHRD_FCFABRIC + 10: return fcfb10; + case ARPHRD_FCFABRIC + 11: return fcfb11; + case ARPHRD_FCFABRIC + 12: return fcfb12; + case ARPHRD_IEEE802_TR: return ieee802_tr; + case ARPHRD_IEEE80211: return ieee80211; + case ARPHRD_IEEE80211_PRISM: return ieee80211_prism; + case ARPHRD_IEEE80211_RADIOTAP: return ieee80211_radiotap; + case ARPHRD_IEEE802154: return ieee802154; + case ARPHRD_PHONET: return phonet; + case ARPHRD_PHONET_PIPE: return phonet_pipe; + case ARPHRD_CAIF: return caif; + case ARPHRD_IP6GRE: return ip6gre; + case ARPHRD_NETLINK: return netlink; + case ARPHRD_NONE: return none; + case ARPHRD_VOID: return void; + + default: return Unknown; + } +} + +static const char *if_addr2str(const unsigned char *addr, int alen, int
Re: [netsniff-ng] [PATCH v2] netsniff-ng nlmsg: Print multi-part messages
On 2015-05-18 at 10:36:53 +0200, Vadim Kochan vadi...@gmail.com wrote: From: Vadim Kochan vadi...@gmail.com Pull print more Netlink messages from one packet which can be sent with MULTI flag. Signed-off-by: Vadim Kochan vadi...@gmail.com Thanks! I applied this now.