[GSOC 2016] Netlink socket parsers

Dmitry V. Levin ldv at altlinux.org
Mon Mar 7 01:16:36 UTC 2016


On Sun, Mar 06, 2016 at 05:31:15PM +0100, Gabriel Laskar wrote:
> On Sun, 6 Mar 2016 11:33:49 +0000, Fabien Siron wrote:
> 
> > I am very interested to be part of the GSOC in the strace project. I
> > especially like the subject "Netlink socket parsers" but I have some
> > questions about that subject:
> > * Should the Netlink socket parsers have the form of a new filtering
> > option? (for example: `strace -e netlink ip a`)
> > * Or maybe should we add the netlink family/protocol?
> 
> When netlink is used with recvmsg/sendmsg, so when decoding these
> messages, we already know that they will be netlink packets.
> 
> So a good start would be to just decode the basic headers for these
> packets, only on recvmsg/sendmsg, and build from there in order to add
> more protocols for example.
> 
> After that we need also to be able to look at send/recv, but for that
> we need to be able to recognize the protocol before. There may be some
> work done on that point (retrieve the address family/type/protocol
> under a socket) but I am not sure about it.

There is some protocol family decoding implemented for -yy option, e.g.

$ strace -qq -yy -esocket ip a >/dev/null 
socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 3<NETLINK:[1234567]>

I suppose this implementation could be reused for netlink decoding
of syscalls that don't provide protocol family information.


-- 
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20160307/b9c25392/attachment.bin>


More information about the Strace-devel mailing list