GSOC Projects proposals

Masatake YAMATO yamato at
Thu Feb 18 09:04:15 UTC 2016

> Netlink socket parsers
> Suggested by: Gabriel Laskar
> Netlink is a network protocol that is used to communicate between the
> kernel and the userspace. For example, iproute use netlink in order to
> configure the network stack (interfaces, addresses, routes, etc…). It
> is also used by the kernel to report hotplug events to the userland.
> The goal here is to add support in strace to decode theses packet
> structures in order to be able to debug and discover netlink messages.
> With the base ground work done, it can be easily extended to support
> more protocols.
> -- 
> Gabriel Laskar


I had thought about this feature. I had had some study at that time.

wireshark can dissect the netlink traffic via nlmon virtual device.

Decoding GENERIC_NETLINK(/usr/include/linux/genetlink.h) may
be really useful for undestading the target system with strace(,
but implementing it was not easy fro me).

The NUMBERS used in GENERIC_NETLINK can be changed dynamically.  So
you cannot put a static table for decoding the protocol in
strace. Instead you have to write code building the table dynamically.
One of the approach is parsing the output of command `genl ctrl show`
when starting strace. This will be good for prototyping. However, it
doesn't change the fact that strace has to mointor the change of
NUMBERS. strace itself has to talk to kernel in netlink protocol to
get the NUMBERS.

Good luck!

Masatake YAMATO

More information about the Strace-devel mailing list