tcpdump mailing list archives
Re: [PATCH libpcap v2] linktype: add netlink link/dlt type
From: Daniel Borkmann <dborkman () redhat com>
Date: Tue, 06 Aug 2013 08:32:47 +0200
On 08/06/2013 12:29 AM, Guy Harris wrote:
On Jul 24, 2013, at 2:26 AM, Daniel Borkmann <dborkman () redhat com> wrote:With upcoming Linux 3.11, we have the possibility to debug local netlink traffic [1] i.e. the workflow looks like this: Setup: modprobe nlmon ip link add type nlmon ip link set nlmon0 up Capture: tcpdump -i nlmon0 ... Teardown: ip link set nlmon0 down ip link del dev nlmon0 rmmod nlmon For pcap interoperability, introduce a common link type for netlink capturesSo DLT_NETLINK packets are netlink messages, as described by, for example, section 3.4 "Netlink message format" of: http://1984.lsi.us.es/~pablo/docs/spae.pdf or section 2.2 "Message Format" of http://tools.ietf.org/html/rfc3549
That is correct, i.e. section 2.3.2. "Netlink Message Header" shows the message header format.
For new link-layer header types, it should be possible
http://www.tcpdump.org/linktypes.html
to include them; I'd want to point to one of those sources if possible.
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- [PATCH libpcap v2] linktype: add netlink link/dlt type Daniel Borkmann (Jul 24)
- Re: [PATCH libpcap v2] linktype: add netlink link/dlt type Guy Harris (Aug 05)
- Re: [PATCH libpcap v2] linktype: add netlink link/dlt type Daniel Borkmann (Aug 05)
- Re: [PATCH libpcap v2] linktype: add netlink link/dlt type Guy Harris (Aug 05)