packet: nlmon: virtual netlink monitoring device for packet sockets

Currently, there is no good possibility to debug netlink traffic that is being exchanged between kernel and user space. Therefore, this patch implements a netlink virtual device, so that netlink messages will be made visible to PF_PACKET sockets. Once there was an approach with a similar idea [1], but it got forgotten somehow. I think it makes most sense to accept the "overhead" of an extra netlink net device over implementing the same functionality from PF_PACKET sockets once again into netlink sockets. We have BPF filters that can already be easily applied which even have netlink extensions, we have RX_RING zero-copy between kernel- and user space that can be reused, and much more features. So instead of re-implementing all of this, we simply pass the skb to a given PF_PACKET socket for further analysis. Another nice benefit that comes from that is that no code needs to be changed in user space packet analyzers (maybe adding a dissector, but not more), thus out of the box, we can already capture pcap files of netlink traffic to debug/troubleshoot netlink problems. Also thanks goes to Thomas Graf, Flavio Leitner, Jesper Dangaard Brouer. [1] http://marc.info/?l=linux-netdev&m=113813401516110 Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Daniel Borkmann <dborkman@redhat.com> 2013-06-21 13:38:08 -0400
committer: David S. Miller <davem@davemloft.net> 2013-06-24 19:39:05 -0400
commit: e4fc408e0e99fd2e009c8b3702d9637f5554fd5c (patch)
tree: f808ee97e82aaeea7c5fce0dea7ae37610ad27cb /drivers/net/Kconfig
parent: bcbde0d449eda7afa8f63280b165c8300dbd00e2 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index 00aba08f01a9..b45b240889f5 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -240,6 +240,16 @@ config VIRTIO_NET
          This is the virtual network driver for virtio.  It can be used with
          lguest or QEMU based VMMs (like KVM or Xen).  Say Y or M.
+config NLMON
+        tristate "Virtual netlink monitoring device"
+        ---help---
+          This option enables a monitoring net device for netlink skbs. The
+          purpose of this is to analyze netlink messages with packet sockets.
+          Thus applications like tcpdump will be able to see local netlink
+          messages if they tap into the netlink device, record pcaps for further
+          diagnostics, etc. This is mostly intended for developers or support
+          to debug netlink issues. If unsure, say N.
 endif # NET_CORE
 config SUNGEM_PHY
author	Daniel Borkmann <dborkman@redhat.com>	2013-06-21 13:38:08 -0400
committer	David S. Miller <davem@davemloft.net>	2013-06-24 19:39:05 -0400
commit	e4fc408e0e99fd2e009c8b3702d9637f5554fd5c (patch)
tree	f808ee97e82aaeea7c5fce0dea7ae37610ad27cb /drivers/net/Kconfig
parent	bcbde0d449eda7afa8f63280b165c8300dbd00e2 (diff)

diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig index 00aba08f01a9..b45b240889f5 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig
@@ -240,6 +240,16 @@ config VIRTIO_NET
240	This is the virtual network driver for virtio. It can be used with	240	This is the virtual network driver for virtio. It can be used with
241	lguest or QEMU based VMMs (like KVM or Xen). Say Y or M.	241	lguest or QEMU based VMMs (like KVM or Xen). Say Y or M.
242		242
		243	config NLMON
		244	tristate "Virtual netlink monitoring device"
		245	---help---
		246	This option enables a monitoring net device for netlink skbs. The
		247	purpose of this is to analyze netlink messages with packet sockets.
		248	Thus applications like tcpdump will be able to see local netlink
		249	messages if they tap into the netlink device, record pcaps for further
		250	diagnostics, etc. This is mostly intended for developers or support
		251	to debug netlink issues. If unsure, say N.
		252
243	endif # NET_CORE	253	endif # NET_CORE
244		254
245	config SUNGEM_PHY	255	config SUNGEM_PHY