linktype: add netlink link/dlt type

With Linux 3.11, we have the possibility to debug local netlink traffic [1] i.e. the workflow looks like this: Setup: modprobe nlmon ip link add type nlmon ip link set nlmon0 up Capture: tcpdump -i nlmon0 ... Teardown: ip link set nlmon0 down ip link del dev nlmon0 rmmod nlmon For pcap interoperability, introduce a common link type for netlink captures.
mcr · Nov 18, 2013 · 23d2673 · 23d2673
1 parent 11031d0
commit 23d2673
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/pcap-common.c b/pcap-common.c
@@ -932,7 +932,12 @@
  */
 #define LINKTYPE_WIRESHARK_UPPER_PDU	252
 
-#define LINKTYPE_MATCHING_MAX	252		/* highest value in the "matching" range */
+/*
+ * Link-layer header type for the netlink protocol (nlmon devices).
+ */
+#define LINKTYPE_NETLINK		253
+
+#define LINKTYPE_MATCHING_MAX	253		/* highest value in the "matching" range */
 
 static struct linktype_map {
 	int	dlt;

diff --git a/pcap-linux.c b/pcap-linux.c
@@ -2972,6 +2972,19 @@ static void map_arphrd_to_dlt(pcap_t *handle, int arptype, int cooked_ok)
                handle->linktype =  DLT_IEEE802_15_4_NOFCS;
                break;
 
+#ifndef ARPHRD_NETLINK
+#define ARPHRD_NETLINK	824
+#endif
+	case ARPHRD_NETLINK:
+		handle->linktype = DLT_NETLINK;
+		/*
+		 * We need to use cooked mode, so that in sll_protocol we
+		 * pick up the netlink protocol type such as NETLINK_ROUTE,
+		 * NETLINK_GENERIC, NETLINK_FIB_LOOKUP, etc.
+		 */
+		handle->cooked = 1;
+		break;
+
 	default:
 		handle->linktype = -1;
 		break;

diff --git a/pcap/bpf.h b/pcap/bpf.h
@@ -1224,7 +1224,12 @@ struct bpf_program {
  */
 #define DLT_WIRESHARK_UPPER_PDU	252
 
-#define DLT_MATCHING_MAX	252	/* highest value in the "matching" range */
+/*
+ * DLT type for the netlink protocol (nlmon devices).
+ */
+#define DLT_NETLINK		253
+
+#define DLT_MATCHING_MAX	253	/* highest value in the "matching" range */
 
 /*
  * DLT and savefile link type values are split into a class and