1. 25 Jun, 2013 39 commits
  2. 24 Jun, 2013 1 commit
    • Daniel Borkmann's avatar
      packet: nlmon: virtual netlink monitoring device for packet sockets · e4fc408e
      Daniel Borkmann authored
      Currently, there is no good possibility to debug netlink traffic that
      is being exchanged between kernel and user space. Therefore, this patch
      implements a netlink virtual device, so that netlink messages will be
      made visible to PF_PACKET sockets. Once there was an approach with a
      similar idea [1], but it got forgotten somehow.
      
      I think it makes most sense to accept the "overhead" of an extra netlink
      net device over implementing the same functionality from PF_PACKET
      sockets once again into netlink sockets. We have BPF filters that can
      already be easily applied which even have netlink extensions, we have
      RX_RING zero-copy between kernel- and user space that can be reused,
      and much more features. So instead of re-implementing all of this, we
      simply pass the skb to a given PF_PACKET socket for further analysis.
      
      Another nice benefit that comes from that is that no code needs to be
      changed in user space packet analyzers (maybe adding a dissector, but
      not more), thus out of the box, we can already capture pcap files of
      netlink traffic to debug/troubleshoot netlink problems.
      
      Also thanks goes to Thomas Graf, Flavio Leitner, Jesper Dangaard Brouer.
      
       [1] http://marc.info/?l=linux-netdev&m=113813401516110Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e4fc408e