[tcpdump-workers] Link-layer header type for unix domain sockets (UDS)

2019-03-23 Thread František Kučera

Hello,

I am working on an application that extensively uses unix domain sockets 
for passing messages among its components. And in such a situation a good 
debugging tool is crucial.


I did some research and found that people usually proxy this socket 
communication through socat and UDP, so they see it in Wireshark. I 
also found some LD_PRELOAD implementations and even one kernel module. 
So there are several ways to capture the data. But the question is 
how such communication should be presented in the dump files.


My idea is that my application will have some debugging output that will 
emit data in the Libpcap format. My current approach is forging Ethernet 
and IP packets and putting my data inside. But I know that it is bad. It 
is just a proof-of-concept. What would be a correct and clean way?


I looked at  and didn't find any 
appropriate header type. Could we add some? Or is it a wrong layer?


There is no MAC or IP address, but there is other useful metadata: 
socket path (might also be abstract), direction, UID, GID, PID...


Best Regards,

Franta

___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
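
Added example, not part of either message in this thread: one way to write the metadata listed above into a pcap file without forging Ethernet and IP headers, by declaring the private-use link type LINKTYPE_USER0 (147). The pseudo-header layout, the direction and socket-type codes, and the sample values are assumptions made for this sketch, not a registered format.

```python
import struct

LINKTYPE_USER0 = 147                    # private-use link type (147-162 are USER0-USER15)
FILE_HDR = struct.Struct("<IHHiIII")    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, captured length, original length
# Hypothetical pseudo-header: direction, socket type, path length, PID, UID, GID
PSEUDO = struct.Struct("<BBHIII")
DIR_IN, DIR_OUT = 0, 1                  # hypothetical codes
STREAM, DGRAM, SEQPACKET = 1, 2, 3      # hypothetical codes


def file_header(snaplen=65535):
    return FILE_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_USER0)


def record(ts_us, direction, sock_type, pid, uid, gid, path, payload):
    # path is bytes, so an abstract socket name (leading NUL byte) survives intact
    frame = PSEUDO.pack(direction, sock_type, len(path), pid, uid, gid) + path + payload
    sec, usec = divmod(ts_us, 1_000_000)
    return REC_HDR.pack(sec, usec, len(frame), len(frame)) + frame


def parse(capture):
    """Yield (ts_us, metadata, payload) for every record in the capture."""
    magic, *_, linktype = FILE_HDR.unpack_from(capture, 0)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_USER0:
        raise ValueError("expected little-endian pcap with LINKTYPE_USER0")
    off = FILE_HDR.size
    while off < len(capture):
        sec, usec, incl, _ = REC_HDR.unpack_from(capture, off)
        frame = capture[off + REC_HDR.size: off + REC_HDR.size + incl]
        if len(frame) < incl or incl < PSEUDO.size:
            raise ValueError("truncated record")
        direction, sock_type, plen, pid, uid, gid = PSEUDO.unpack_from(frame)
        if PSEUDO.size + plen > incl:
            raise ValueError("path length exceeds record")
        path = frame[PSEUDO.size:PSEUDO.size + plen]
        meta = dict(direction=direction, sock_type=sock_type, pid=pid, uid=uid, gid=gid, path=path)
        yield sec * 1_000_000 + usec, meta, frame[PSEUDO.size + plen:]
        off += REC_HDR.size + incl


# Constructed sample: one message on an abstract socket, one on a filesystem socket
SAMPLE = (file_header()
          + record(1553371800250000, DIR_OUT, SEQPACKET, 4242, 1000, 1000, b"\0app-bus", b"hello")
          + record(1553371800500000, DIR_IN, STREAM, 4243, 0, 0, b"/run/app.sock", b"world"))

if __name__ == "__main__":
    for ts_us, meta, payload in parse(SAMPLE):
        print(ts_us, meta, payload)
```

A capture written this way is only meaningful to readers that have been told what the USER0 payload contains, since that link type carries no agreed-upon format.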


Re: [tcpdump-workers] Link-layer header type for unix domain sockets (UDS)

2019-03-23 Thread Guy Harris
On Mar 23, 2019, at 12:50 PM, František Kučera  wrote:

> There is no MAC or IP address, but there are other useful metadata: socket 
> path (might be also abstract), direction, UID, GID, PID...

Stream, datagram, or sequenced-packet sockets?