tcpdump mailing list archives
Re: [PATCH libpcap v2] linktype: add netlink link/dlt type
From: Guy Harris <guy () alum mit edu>
Date: Mon, 5 Aug 2013 15:29:59 -0700
On Jul 24, 2013, at 2:26 AM, Daniel Borkmann <dborkman () redhat com> wrote:
With upcoming Linux 3.11, we have the possibility to debug local netlink traffic [1] i.e. the workflow looks like this: Setup: modprobe nlmon ip link add type nlmon ip link set nlmon0 up Capture: tcpdump -i nlmon0 ... Teardown: ip link set nlmon0 down ip link del dev nlmon0 rmmod nlmon For pcap interoperability, introduce a common link type for netlink captures
So DLT_NETLINK packets are netlink messages, as described by, for example, section 3.4 "Netlink message format" of:
http://1984.lsi.us.es/~pablo/docs/spae.pdf
or section 2.2 "Message Format" of
http://tools.ietf.org/html/rfc3549
For new link-layer header types, it should be possible
http://www.tcpdump.org/linktypes.html
to include them; I'd want to point to one of those sources if possible.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- [PATCH libpcap v2] linktype: add netlink link/dlt type Daniel Borkmann (Jul 24)
- Re: [PATCH libpcap v2] linktype: add netlink link/dlt type Guy Harris (Aug 05)
- Re: [PATCH libpcap v2] linktype: add netlink link/dlt type Daniel Borkmann (Aug 05)
- Re: [PATCH libpcap v2] linktype: add netlink link/dlt type Guy Harris (Aug 05)