With Linux 3.11, it is possible to debug local netlink traffic [1].
The workflow looks like this:
Setup:
modprobe nlmon
ip link add type nlmon
ip link set nlmon0 up
Capture:
tcpdump -i nlmon0 ...
Teardown:
ip link set nlmon0 down
ip link del dev nlmon0
rmmod nlmon
For pcap interoperability, introduce a common link type for netlink
captures.
*/
#define LINKTYPE_WIRESHARK_UPPER_PDU 252
-#define LINKTYPE_MATCHING_MAX 252 /* highest value in the "matching" range */
+/*
+ * Link-layer header type for the netlink protocol (nlmon devices).
+ */
+#define LINKTYPE_NETLINK 253
+
+#define LINKTYPE_MATCHING_MAX 253 /* highest value in the "matching" range */
static struct linktype_map {
int dlt;
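Review bot: The comment added above `LINKTYPE_NETLINK` does not say what a captured record looks like, which is what anyone writing or auditing a parser for these files needs in order to validate offsets and lengths. Judging by the hunk that adds `case ARPHRD_NETLINK:`, which forces cooked mode so that the netlink family ends up in `sll_protocol`, each packet presumably starts with the Linux cooked-mode header followed by the netlink message; this should be confirmed and then stated. I would expand the comment along the lines of `/* Link-layer header type for netlink (nlmon devices): Linux cooked-mode header whose protocol field carries the netlink family, followed by the netlink message. */`. The comment in the hunk that adds `DLT_NETLINK` is equally thin and should get the same text.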
handle->linktype = DLT_IEEE802_15_4_NOFCS;
break;
+#ifndef ARPHRD_NETLINK
+#define ARPHRD_NETLINK 824
+#endif
+ case ARPHRD_NETLINK:
+ handle->linktype = DLT_NETLINK;
+ /*
+ * We need to use cooked mode, so that in sll_protocol we
+ * pick up the netlink protocol type such as NETLINK_ROUTE,
+ * NETLINK_GENERIC, NETLINK_FIB_LOOKUP, etc.
+ */
+ handle->cooked = 1;
+ break;
+
default:
handle->linktype = -1;
break;
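Review bot: Setting `handle->cooked = 1` inside `case ARPHRD_NETLINK:` only flips a flag. Nothing in this hunk shows that the capture socket is actually opened in cooked mode, or that the cooked-mode path elsewhere leaves `handle->linktype` at `DLT_NETLINK` instead of resetting it. If the flag and the socket mode disagree, the read path would interpret packet bytes with the wrong header layout, so this needs checking against the activation code, which is outside the hunk. If the other cases in this switch leave the cooked decision to the caller, keeping just `handle->linktype = DLT_NETLINK;` with the explanatory comment and making the decision in that one place would be more consistent. The enclosing switch starts and ends outside the hunk.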
*/
#define DLT_WIRESHARK_UPPER_PDU 252
-#define DLT_MATCHING_MAX 252 /* highest value in the "matching" range */
+/*
+ * DLT type for the netlink protocol (nlmon devices).
+ */
+#define DLT_NETLINK 253
+
+#define DLT_MATCHING_MAX 253 /* highest value in the "matching" range */
/*
* DLT and savefile link type values are split into a class and