[GSOC 2016] Netlink socket parsers
Fabien Siron
fabien.siron at epita.fr
Mon Mar 7 18:32:34 UTC 2016
Quoting Dmitry V. Levin (2016-03-07 01:16:36)
> On Sun, Mar 06, 2016 at 05:31:15PM +0100, Gabriel Laskar wrote:
> > So a good start would be to just decode the basic headers for these
> > packets, only on recvmsg/sendmsg, and build from there in order to add
> > more protocols for example.
So the steps would be, first, decode the headers, and after that, add some
protocols (NETLINK_ROUTE, NETLINK_FIREWALL ...).
> > After that we need also to be able to look at send/recv, but for that
> > we need to be able to recognize the protocol before. There may be some
> > work done on that point (retrieve the address family/type/protocol
> > under a socket) but I am not sure about it.
>
> There is some protocol family decoding implemented for -yy option, e.g.
>
> $ strace -qq -yy -esocket ip a >/dev/null
> socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 3<NETLINK:[1234567]>
>
> I suppose this implementation could be reused for netlink decoding
> of syscalls that don't provide protocol family information.
Yes, I think so.
Thank you a lot for your answers,
Cheers,
--
Fabien Siron
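
The "decode the basic headers" step discussed in this thread, sketched as an added example (not code from strace or from any poster): it walks the netlink messages in a sendmsg/recvmsg buffer and prints each header. The names `nl_hdr`, `decode_nl_headers` and `decode_sample` are hypothetical; the struct mirrors `struct nlmsghdr` from `<linux/netlink.h>`, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as struct nlmsghdr in <linux/netlink.h>, redefined so the
 * example builds without kernel headers. Fields are in host byte order. */
struct nl_hdr {
    uint32_t len;   /* nlmsg_len: header plus payload, in bytes */
    uint16_t type;  /* nlmsg_type */
    uint16_t flags; /* nlmsg_flags */
    uint32_t seq;   /* nlmsg_seq */
    uint32_t pid;   /* nlmsg_pid */
};

/* Hypothetical helper: print every netlink header in buf[0..size) and
 * return how many were decoded. Stops at the first length that does not
 * fit the buffer, because the traced process controls these bytes. */
int decode_nl_headers(const unsigned char *buf, size_t size)
{
    size_t off = 0;
    int count = 0;
    while (size - off >= sizeof(struct nl_hdr)) {
        struct nl_hdr h;
        memcpy(&h, buf + off, sizeof(h)); /* buf may be unaligned */
        if (h.len < sizeof(h) || h.len > size - off)
            break; /* bogus or truncated message */
        printf("{len=%u, type=%u, flags=%#x, seq=%u, pid=%u}\n", (unsigned)h.len,
               (unsigned)h.type, (unsigned)h.flags, (unsigned)h.seq, (unsigned)h.pid);
        count++;
        size_t step = ((size_t)h.len + 3) & ~(size_t)3; /* NLMSG_ALIGNTO is 4 */
        if (step > size - off)
            break; /* last message, no trailing padding */
        off += step;
    }
    return count;
}

/* Constructed sample: an 18-byte message (padded to 20), a 16-byte
 * message, then a header whose len (100) overruns the buffer. */
int decode_sample(void)
{
    struct nl_hdr m[3] = { {18, 18, 0x301, 1, 0}, {16, 3, 0, 1, 0}, {100, 2, 0, 2, 0} };
    unsigned char buf[20 + 16 + 16] = {0};
    memcpy(buf, &m[0], sizeof(m[0]));
    memcpy(buf + 20, &m[1], sizeof(m[1]));
    memcpy(buf + 36, &m[2], sizeof(m[2]));
    return decode_nl_headers(buf, sizeof(buf));
}
```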