From: Igor de Paula <igordptx@gmail.com>
To: netfilter@vger.kernel.org
Subject: Help use parsing to get a promiscuous level
Date: Thu, 25 May 2023 15:13:21 +0100 [thread overview]
Message-ID: <CALDr01S8DJsLFVyFRmVPdqeLe=-sLCrS2zsFdF_8YL_0BBF2VQ@mail.gmail.com> (raw)
Sorry for the spam but this is clearer I think,
Hi,
I have a DPDK application holding some ports, and I want to have a
virtio_user port to interface with the kernel stack, For example, I
want to use tcpdump on a virtual interface. So I understand I need to
create a netlink listener which I did. And using some print statements
I am getting a packet on the netlink port when I try to use tcpdump on
the virtual interface.
My problem is that I can't figure out how to parse the packet. For
example I expect that calling TCP dump should trigger a packet to set
a promiscuous flag, and stopping tcpdump should trigger a packet to
disable promiscuous mode.
Currently from the examples this is the attr parser I have:
static int data_attr_cb(const struct nlattr *attr, void *data)
{
const struct nlattr **tb = data;
int type = mnl_attr_get_type(attr);
/* skip unsupported attribute in user-space */
if (mnl_attr_type_valid(attr, IFLA_MAX) < 0)
return MNL_CB_OK;
switch(type) {
case IFLA_MTU:
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
perror("mnl_attr_validate");
return MNL_CB_ERROR;
}
break;
case IFLA_IFNAME:
if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) {
perror("mnl_attr_validate");
return MNL_CB_ERROR;
}
break;
}
tb[type] = attr;
return MNL_CB_OK;
}
But this doesn't give any information. Any help on how to understand
this packet would be appreciated. I thought as there is a next
attribute and maybe nested attributes if I add the following code:
while (attr != NULL)
{
attr = mnl_attr_next(attr);
type = mnl_attr_get_type(attr);
if (type == 0)
break;
printf("type: %d\n",type);
}
I might get to the promiscuous flag (30), but I am printing like 100
of those per packet. And from what I read the payload also has
attributes. This might be a stupid question but any help on
understanding this would be appreciated.
next reply other threads:[~2023-05-25 14:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-25 14:13 Igor de Paula [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-05-25 14:12 Help use parsing to get a promiscuous level Igor de Paula
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALDr01S8DJsLFVyFRmVPdqeLe=-sLCrS2zsFdF_8YL_0BBF2VQ@mail.gmail.com' \
--to=igordptx@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).