From: Daniel Borkmann <dborkman@redhat.com>
Date: Mon, 18 Nov 2013 23:39:37 +0000 (-0800)
Subject: linktype: add netlink link/dlt type
X-Git-Tag: libpcap-1.6.0-bp~109
X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/23d2673796e60c7fea6ba218eb084cbd59e7271b

linktype: add netlink link/dlt type

With Linux 3.11, we have the possibility to debug local netlink traffic
[1] i.e.  the workflow looks like this:

Setup:
  modprobe nlmon
  ip link add type nlmon
  ip link set nlmon0 up

Capture:
  tcpdump -i nlmon0 ...

Teardown:
  ip link set nlmon0 down
  ip link del dev nlmon0
  rmmod nlmon

For pcap interoperability, introduce a common link type for netlink
captures.
---

diff --git a/pcap-common.c b/pcap-common.c
index 6175a5ac..f26d22ec 100644
--- a/pcap-common.c
+++ b/pcap-common.c
@@ -932,7 +932,12 @@
  */
 #define LINKTYPE_WIRESHARK_UPPER_PDU	252
 
-#define LINKTYPE_MATCHING_MAX	252		/* highest value in the "matching" range */
+/*
+ * Link-layer header type for the netlink protocol (nlmon devices).
+ */
+#define LINKTYPE_NETLINK		253
+
+#define LINKTYPE_MATCHING_MAX	253		/* highest value in the "matching" range */
 
 static struct linktype_map {
 	int	dlt;
diff --git a/pcap-linux.c b/pcap-linux.c
index e8173824..0651522f 100644
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -2972,6 +2972,19 @@ static void map_arphrd_to_dlt(pcap_t *handle, int arptype, int cooked_ok)
                handle->linktype =  DLT_IEEE802_15_4_NOFCS;
                break;
 
+#ifndef ARPHRD_NETLINK
+#define ARPHRD_NETLINK	824
+#endif
+	case ARPHRD_NETLINK:
+		handle->linktype = DLT_NETLINK;
+		/*
+		 * We need to use cooked mode, so that in sll_protocol we
+		 * pick up the netlink protocol type such as NETLINK_ROUTE,
+		 * NETLINK_GENERIC, NETLINK_FIB_LOOKUP, etc.
+		 */
+		handle->cooked = 1;
+		break;
+
 	default:
 		handle->linktype = -1;
 		break;
diff --git a/pcap/bpf.h b/pcap/bpf.h
index ad36eb61..8286ed5b 100644
--- a/pcap/bpf.h
+++ b/pcap/bpf.h
@@ -1224,7 +1224,12 @@ struct bpf_program {
  */
 #define DLT_WIRESHARK_UPPER_PDU	252
 
-#define DLT_MATCHING_MAX	252	/* highest value in the "matching" range */
+/*
+ * DLT type for the netlink protocol (nlmon devices).
+ */
+#define DLT_NETLINK		253
+
+#define DLT_MATCHING_MAX	253	/* highest value in the "matching" range */
 
 /*
  * DLT and savefile link type values are split into a class and