Wireshark · Wireshark-commits: [Wireshark-commits] master a94a860: net_dm: Add dissector for drop monitor netlink packets

Wireshark-commits: [Wireshark-commits] master a94a860: net_dm: Add dissector for drop monitor netli

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>

Date: Sun, 01 Sep 2019 09:03:46 +0000

URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a94a860c0644ec3b8a129fd243674a2e376ce1c8
Submitter: "Anders Broman <a.broman58@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

a94a860 by Ido Schimmel (idosch@xxxxxxxxxxxx):

    net_dm: Add dissector for drop monitor netlink packets
    
    The Linux kernel includes a module called drop monitor which -
    unsurprisingly - monitors packet drops.
    
    Once enabled, the module will periodically send netlink notifications to
    user space over generic netlink. Historically, these notifications only
    included the program counter where the drop occurred and the number of
    packets that were dropped in this location in the last interval.
    
    Patches in net-next (queued for Linux kernel 5.4) extend drop monitor
    with another mode of operation where the dropped packets themselves are
    sent to user space along with relevant metadata as netlink
    notifications. This allows users to perform a more detailed analysis of
    the dropped packets.
    
    This patch adds a dissector for these netlink packets. The dissector is
    expected to be invoked by the generic netlink dissector and during its
    hand off routine it adds an entry in the 'genl.family' dissector table.
    
    The various netlink attributes are dissected by calling
    dissect_netlink_attributes(), in a similar fashion to the rtnetlink
    dissector. The dropped packet itself is encoded in the netlink attribute
    'NET_DM_ATTR_PAYLOAD' and dissected by invoking a dissector from the
    'sll.ltype' dissector table based on the packet's protocol which is
    encoded in the 'NET_DM_ATTR_PROTO' attribute.
    
    Bug: 16018
    Change-Id: I10bfa4b9c9d8f5e82769c250f929f74693142a23
    Signed-off-by: Ido Schimmel <idosch@xxxxxxxxxxxx>
    Reviewed-on: https://code.wireshark.org/review/34351
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  743f859   Qt: Rework Resolved Addresses dialog
     add  a94a860   net_dm: Add dissector for drop monitor netlink packets


Summary of changes:
 docbook/release-notes.adoc              |   1 +
 epan/dissectors/CMakeLists.txt          |   1 +
 epan/dissectors/packet-netlink-net_dm.c | 501 ++++++++++++++++++++++++++++++++
 3 files changed, 503 insertions(+)
 create mode 100644 epan/dissectors/packet-netlink-net_dm.c

Prev by Date: [Wireshark-commits] master 743f859: Qt: Rework Resolved Addresses dialog
Next by Date: [Wireshark-commits] master a53ec79: SMTP: Consider bytes seen as "data" until a command is seen
Previous by thread: [Wireshark-commits] master 743f859: Qt: Rework Resolved Addresses dialog
Next by thread: [Wireshark-commits] master a53ec79: SMTP: Consider bytes seen as "data" until a command is seen
Index(es):
- Date
- Thread