From c288c3a32659db207db09fdb8beb6ee00e3eaff0 Mon Sep 17 00:00:00 2001
From: Tobias Klauser
Date: Wed, 28 May 2014 18:17:22 +0200
Subject: [PATCH] netsniff-ng: Print process name of the netlink message origin
In the netlink message dissector, use the PID from the header to look up the process name of the sending process.
Signed-off-by: Tobias Klauser
---
 proto_nlmsg.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/proto_nlmsg.c b/proto_nlmsg.c
index f5abf573..0098d277 100644
--- a/proto_nlmsg.c
+++ b/proto_nlmsg.c
@@ -4,7 +4,10 @@
 * Subject to the GPL, version 2.
 */
+#include
+#include
 #include
+#include
 #include "pkt_buff.h"
 #include "proto.h"
@@ -14,10 +17,23 @@ static void nlmsg(struct pkt_buff *pkt)
 struct nlmsghdr *hdr = (struct nlmsghdr *) pkt_pull(pkt, sizeof(*hdr));
 char type[32];
 char flags[128];
+ char procname[1024];
 if (hdr == NULL)
 return;
+ /* Look up the process name if message is not coming from the kernel */
+ if (hdr->nlmsg_pid != 0) {
+ char path[1024];
+ int ret;
+
+ snprintf(path, sizeof(path), "/proc/%u/exe", hdr->nlmsg_pid);
+ ret = readlink(path, procname, sizeof(procname) - 1);
+ if (ret < 0)
+ procname[0] = '\0';
+ } else
+ snprintf(procname, sizeof(procname), "kernel");
+
 tprintf(" [ NLMSG ");
 tprintf("Len %u, ", hdr->nlmsg_len);
 tprintf("Type 0x%.4x (%s%s%s), ", hdr->nlmsg_type,
@@ -30,6 +46,9 @@ static void nlmsg(struct pkt_buff *pkt)
 colorize_end());
 tprintf("Seq-Nr %u, ", hdr->nlmsg_seq);
 tprintf("PID %u", hdr->nlmsg_pid);
+ if (procname[0])
+ tprintf(" (%s%s%s)", colorize_start(bold), basename(procname),
+ colorize_end());
 tprintf(" ]\n");
 }
-- 
2.11.4.GIT
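Review bot: readlink() does not NUL-terminate its output and the new `procname` buffer is never initialised, so on success the later `basename(procname)` and `%s` print read whatever stack bytes follow the link target; only the `ret < 0` branch writes a terminator. Add the success branch, `else procname[ret] = '\0';` — the `sizeof(procname) - 1` length already leaves room for it. A result of exactly `sizeof(procname) - 1` bytes may also be a truncated path, which deserves a short comment. nlmsg()'s body begins before this hunk and continues past it.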
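Review bot: The name printed after `PID %u` reads as an established origin, but `nlmsg_pid` is a netlink port ID chosen by the sending socket and is not guaranteed to equal a process ID. The lookup also runs against the local /proc at display time, so it can name an unrelated process if the message was captured earlier or elsewhere (whether this dissector also runs on saved captures is not visible here). I would say so at the lookup, e.g. `/* nlmsg_pid is a sender-chosen port ID; the name is a best-effort hint resolved on this host, not an authenticated origin */`. The link target is a file name and may contain non-printable bytes, so unless tprintf() already filters them, escape the string before printing it.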