[GSOC 2016] Netlink socket parsers

Fabien Siron fabien.siron at epita.fr
Mon Mar 7 18:32:34 UTC 2016


Quoting Dmitry V. Levin (2016-03-07 01:16:36)
> On Sun, Mar 06, 2016 at 05:31:15PM +0100, Gabriel Laskar wrote:
> > So a good start would be to just decode the basic headers for these
> > packets, only on recvmsg/sendmsg, and build from there in order to add
> > more protocols for example.

So the steps would be, first, decode the headers, and after that, add some
protocols (NETLINK_ROUTE, NETLINK_FIREWALL ...).

> > After that we need also to be able to look at send/recv, but for that
> > we need to be able to recognize the protocol before. There may be some
> > work done on that point (retrieve the address family/type/protocol
> > under a socket) but I am not sure about it.
> 
> There is some protocol family decoding implemented for -yy option, e.g.
> 
> $ strace -qq -yy -esocket ip a >/dev/null 
> socket(PF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 3<NETLINK:[1234567]>
> 
> I suppose this implementation could be reused for netlink decoding
> of syscalls that don't provide protocol family information.

Yes, I think so.

Thank you a lot for your answers,

Cheers,

--
Fabien Siron
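
Added example, not part of the original message and not strace's code: decoding the basic netlink message headers in a sendmsg/recvmsg buffer, with the length checks a tracer needs because the buffer contents come from the traced process. The names nl_hdr, NL_ALIGN, decode_nl_headers and decode_sample, the output format, and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as struct nlmsghdr in <linux/netlink.h>, redefined here so the
   example builds anywhere; nl_hdr and NL_ALIGN are this example's own names. */
struct nl_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define NL_ALIGN(n) (((n) + 3u) & ~(size_t)3u)  /* 4-byte rounding, as NLMSG_ALIGN */

static const char *nl_type_name(uint16_t t)
{
    static const char *const ctl[] = { NULL, "NLMSG_NOOP", "NLMSG_ERROR",
                                       "NLMSG_DONE", "NLMSG_OVERRUN" };
    return t < 5 ? ctl[t] : NULL;  /* other types are protocol-specific */
}

/* Print one line per netlink header found in buf and return how many were
   well-formed; stop at the first header whose length cannot be trusted. */
int decode_nl_headers(const unsigned char *buf, size_t size)
{
    int count = 0;
    while (size >= sizeof(struct nl_hdr)) {
        struct nl_hdr h;
        memcpy(&h, buf, sizeof(h));          /* buffer may be unaligned */
        if (h.len < sizeof(h) || h.len > size) {
            printf("{len=%u /* bad length, %zu bytes left */}\n", (unsigned)h.len, size);
            break;
        }
        const char *name = nl_type_name(h.type);
        if (name) printf("{len=%u, type=%s", (unsigned)h.len, name);
        else printf("{len=%u, type=%#x", (unsigned)h.len, (unsigned)h.type);
        printf(", flags=%#x, seq=%u, pid=%u}\n",
               (unsigned)h.flags, (unsigned)h.seq, (unsigned)h.pid);
        count++;
        size_t step = NL_ALIGN((size_t)h.len);
        if (step > size) break;              /* final message may lack padding */
        buf += step; size -= step;
    }
    return count;
}

/* Constructed sample: a type 18 (RTM_GETLINK) dump request claiming first_len
   bytes, followed by NLMSG_DONE; decode only the first n (<= 36) bytes. */
int decode_sample(uint32_t first_len, size_t n)
{
    struct nl_hdr a = { first_len, 18, 0x301, 1, 0 }, b = { 16, 3, 0x2, 1, 1234 };
    unsigned char buf[36] = { 0 };
    memcpy(buf, &a, sizeof(a));
    memcpy(buf + 20, &b, sizeof(b));
    return decode_nl_headers(buf, n);
}

int main(void) { return decode_sample(20, 36) == 2 ? 0 : 1; }
```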



