tcpdump mailing list archives

Request for DLT for Linux Kernel Messages


From: Michal Labedzki <michal.labedzki () tieto com>
Date: Fri, 20 Dec 2013 12:38:55 +0100

Hello,

I would like to ask about the possibility of adding a DLT value for Linux
Kernel Messages. Is it possible or not?

I previously showed a ready libpcap implementation [1], and I also have a ready
implementation for Wireshark. (in short: on Linux Kernel >3.4 it is
able to dump via /dev/kmsg, also inject).
Linux kernel messages have a packet structure (one log/event = one
packet) and this is really useful for analysing system behaviour or
Bluetooth kernelspace used by userland.

It may also be interesting to create a special DLT (like Wireshark Upper
PDU) for event-based capture sources like:
1. Linux Kernel Messages (/dev/kmsg)
2. Android Logcat (Logger - like "adb logcat -B")
3. Udev messages (I am thinking about capture like "udevadm monitor")
4. syslog
...
N. Completely amazing idea for now: capture audio (arecord -l; arecord
hw:0,1; in short: "source as interface to dump")
etc.

[1] Rebased: https://github.com/MichalLabedzki/libpcap/commit/bfb695422349541c4c6f6f896a9028721eedf253
- this contains the requested DLT in code to show functionality
[2] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8585

-- 

Pozdrawiam / Best regards
-------------------------------------------------------------------------------------------------------------
Michał Łabędzki, Software Engineer
Tieto Corporation

Product Development Services

http://www.tieto.com / http://www.tieto.pl
---
ASCII: Michal Labedzki
location: Swobodna 1 Street, 50-088 Wrocław, Poland
room: 5.01 (desk next to 5.08)
---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
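
The "one log/event = one packet" property mentioned in the message above, as an added example that is not part of the original post or of the linked libpcap commit: a bounded parser for a single /dev/kmsg record. The record layout is taken from the kernel's ABI documentation for /dev/kmsg, not from the message; `kmsg_record` and `kmsg_parse` are hypothetical names and the sample record is constructed.

```c
#include <stdio.h>
#include <string.h>

/* One /dev/kmsg record = one event. Header layout per the kernel ABI doc:
 * "prefix,seq,timestamp_usec,flags[,...];text", then " KEY=value" lines. */
struct kmsg_record {
    unsigned level, facility;          /* syslog prefix: & 7 and >> 3 */
    unsigned long long seq, ts_usec;   /* sequence number, monotonic time */
    char flags;                        /* '-' whole record, 'c'/'+' fragment */
    char text[256];                    /* message text, truncated if longer */
    int ndict;                         /* number of " KEY=value" lines */
};

/* Parse the bytes of one record (each read() on /dev/kmsg returns one).
 * Records can be injected from userspace, so every copy is length-bounded.
 * Returns 0 on success, -1 on a malformed header. */
int kmsg_parse(const char *buf, struct kmsg_record *r)
{
    unsigned prefix;
    int hdr = 0;
    const char *semi, *p;
    size_t n;

    memset(r, 0, sizeof(*r));
    if (sscanf(buf, "%u,%llu,%llu,%c%n", &prefix, &r->seq, &r->ts_usec,
               &r->flags, &hdr) != 4)
        return -1;
    semi = strchr(buf + hdr, ';');     /* tolerate extra header fields */
    if (semi == NULL)
        return -1;
    r->level = prefix & 7;
    r->facility = prefix >> 3;
    n = strcspn(semi + 1, "\n");       /* text ends at the first newline */
    snprintf(r->text, sizeof(r->text), "%.*s", (int)n, semi + 1);
    for (p = strchr(semi + 1, '\n'); p != NULL && p[1] == ' ';
         p = strchr(p + 1, '\n'))
        r->ndict++;                    /* each continuation line starts ' ' */
    return 0;
}

int main(void)
{
    /* Constructed sample record, not captured from a real system. */
    struct kmsg_record r;
    if (kmsg_parse("6,812,7042113,-;Bluetooth: hci0 command tx timeout\n"
                   " SUBSYSTEM=bluetooth\n DEVICE=+bluetooth:hci0\n", &r))
        return 1;
    printf("seq=%llu level=%u dict=%d text=%s\n", r.seq, r.level, r.ndict, r.text);
    return 0;
}
```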