[tcpdump-workers] Link-Layer Header Type request for Linux Kernel Messages
Hello,

I would like to request new link-layer header type values:

LINKTYPE_DEV_KMSG_LINUX / DLT_DEV_KMSG_LINUX
LINKTYPE_KLOG_LINUX / DLT_KLOG_LINUX

Linux kernel messages can be captured on Linux via /dev/kmsg and klogctl. Kernel logs can be useful for analysing Linux and network (etc.) behaviour.

A test patch for libpcap for /dev/kmsg is prepared, so you can test it:
https://github.com/MichalLabedzki/libpcap/commit/c671673753bba413fe3fc839425162d682289bec
(works with kernel >= 3.5 and /dev/kmsg; the patch needs some fixes to check that)

The capture format specification is available at:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/ABI/testing/dev-kmsg

Linux logs can be dissected by Wireshark to improve readability/filtering.

There is also klogctl (http://linux.die.net/man/3/klogctl) and /proc/kmsg - but there the format is different. So another link type can be added.

Best regards,
Michał Łabędzki, Software Engineer
Tieto Corporation
Product Engineering Services
http://www.tieto.com / http://www.tieto.pl
---
ASCII: Michal Labedzki
e-mail: michal.labed...@tieto.com
location: Swobodna 1 Street, 50-088 Wrocław, Poland
room: 5.01 (desk next to 5.08)
---
Please note: The information contained in this message may be legally privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorised use, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank You.
---
Please consider the environment before printing this e-mail.
---
Tieto Poland spółka z ograniczoną odpowiedzialnością (limited liability company), with its registered office in Szczecin, ul. Malczewskiego 26. Registered with the District Court Szczecin-Centrum in Szczecin, 13th Commercial Division of the National Court Register, under number 124858. NIP: 8542085557. REGON: 812023656. Share capital: 4 271500 PLN
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
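The /dev/kmsg record format the request points at, as an added example that is not the libpcap patch from the thread and not part of the original post: a C parser for one record as the dev-kmsg ABI document describes it (prio, seq, timestamp, flags, message with \xNN escapes, dictionary lines), plus a sequence-gap check of the kind a capture tool would use to count dropped records. The record samples in main() are constructed, not captured from a real machine.

```c
/* Added example (not the libpcap patch from the thread): a parser for one
 * /dev/kmsg record. Layout per Documentation/ABI/testing/dev-kmsg:
 *   "<prio>,<seq>,<timestamp_us>,<flags>[,extra];<message>\n"
 * optionally followed by dictionary lines that begin with a space
 * (" SUBSYSTEM=usb\n"). prio is facility*8+level; non-printable bytes and
 * backslashes in the message are delivered as \xNN escapes. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct kmsg_record {
    unsigned facility;          /* prio >> 3 */
    unsigned level;             /* prio & 7: 0 = emerg .. 7 = debug */
    unsigned long long seq;     /* sequence number; a jump means dropped records */
    unsigned long long ts_us;   /* microseconds since boot */
    char flags;                 /* '-' normal, 'c' or '+' continuation */
    char msg[1024];             /* message with \xNN escapes decoded */
    char dict[512];             /* KEY=VALUE lines joined by '\n' */
};

static int hexval(unsigned char c)
{
    return !isxdigit(c) ? -1 : isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
}

/* Decode \xNN escapes from src[0..len) into out (at most out_size-1 bytes). */
static void kmsg_unescape(const char *src, size_t len, char *out, size_t out_size)
{
    size_t i = 0, o = 0;
    while (i < len && o + 1 < out_size) {
        if (src[i] == '\\' && i + 3 < len && src[i + 1] == 'x'
            && hexval((unsigned char)src[i + 2]) >= 0 && hexval((unsigned char)src[i + 3]) >= 0) {
            out[o++] = (char)(hexval((unsigned char)src[i + 2]) * 16 + hexval((unsigned char)src[i + 3]));
            i += 4;
        } else {
            out[o++] = src[i++];
        }
    }
    out[o] = '\0';
}

/* Parse one record. Returns 0 on success, -1 if the header is malformed.
 * Extra comma-separated header fields (reserved by the ABI) are tolerated. */
int kmsg_parse(const char *rec, struct kmsg_record *out)
{
    const char *p = rec, *semi, *nl;
    unsigned long long v[3];
    char *end;
    size_t dlen = 0;
    int k;
    memset(out, 0, sizeof *out);
    for (k = 0; k < 3; k++) {              /* prio, seq, timestamp */
        v[k] = strtoull(p, &end, 10);
        if (end == p || *end != ',') return -1;
        p = end + 1;
    }
    if (*p != '-' && *p != 'c' && *p != '+') return -1;
    if ((semi = strchr(p, ';')) == NULL) return -1;
    out->facility = (unsigned)(v[0] >> 3);
    out->level = (unsigned)(v[0] & 7);
    out->seq = v[1];
    out->ts_us = v[2];
    out->flags = *p;
    nl = strchr(semi + 1, '\n');
    if (nl == NULL) nl = semi + 1 + strlen(semi + 1);
    kmsg_unescape(semi + 1, (size_t)(nl - semi - 1), out->msg, sizeof out->msg);
    /* Dictionary: every following line that begins with a space. */
    while (*nl == '\n' && nl[1] == ' ') {
        const char *start = nl + 2, *stop = strchr(start, '\n');
        size_t n = stop ? (size_t)(stop - start) : strlen(start);
        if (dlen + n + 2 > sizeof out->dict) break;
        if (dlen) out->dict[dlen++] = '\n';
        memcpy(out->dict + dlen, start, n);
        out->dict[dlen += n] = '\0';
        nl = stop ? stop : start + n;
    }
    return 0;
}

/* Records lost between two reads: the kernel drops when a reader falls
 * behind, and the ABI surfaces that as a jump in seq. */
unsigned long long kmsg_gap(unsigned long long prev_seq, unsigned long long seq)
{
    return seq > prev_seq + 1 ? seq - prev_seq - 1 : 0;
}

int main(void)
{
    /* Constructed sample record (not captured from a real machine). */
    static const char *const sample =
        "4,1024,1234567,-;usb 1-1: new high-speed USB device number 3 using xhci_hcd\n"
        " SUBSYSTEM=usb\n DEVICE=+usb:1-1\n";
    struct kmsg_record r;
    if (kmsg_parse(sample, &r) == 0)
        printf("seq=%llu level=%u msg=\"%s\" dict=\"%s\"\n", r.seq, r.level, r.msg, r.dict);
    return 0;
}
```

A capture module built on this would read one record per read() call, keep the last seq seen and feed kmsg_gap() into its dropped-record counter, which is how the "received, dropped" statistics the thread mentions map onto this interface.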
Re: [tcpdump-workers] Link-Layer Header Type request for Linux Kernel Messages
Hi,

Are there any comments on that? (it has been a month)

Best regards,
Michał Łabędzki
[tcpdump-workers] Link-Layer Header Types request for Android
Hello,

I would like to request new link-layer header type values:

LINKTYPE_ANDROID_ADB / DLT_ANDROID_ADB
LINKTYPE_ANDROID_LOGGER / DLT_ANDROID_LOGGER

First is ADB. Android Debug Bridge is a protocol used to manage Android platforms (connect, send commands, receive data). Please check also the Android documentation: http://developer.android.com/tools/help/adb.html
For example, there are commands like OKAY, WRTE (write), CLSE (close), etc. They can be dissected, for example in Wireshark.

Second: Android Logger (known as logcat logs) is the format of Android process messages (debug, for analysis of issues). Logger is something like Linux kernel messages or/and syslog. You can see the implementation on the Wireshark side - it can be useful to understand this request: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8279

Main purpose of Logger: adding system logs allows analysing application/protocol issues. (example: a file over Bluetooth is not sent and there is a logcat log "socket not open: permission denied")
Main purpose of ADB: it is a protocol.

Technically:
1. There can be a lot of Android interfaces: see "adb devices" (one interface per device [formally two: one for ADB, second for LOGCAT])
2. Logger can be put over ADB.
3. ADB can be put over TCP (adb connect localhost) or USB (default).

I think you can replace LOGGER by LOGCAT if you think that "logcat" is more clear.

Best regards,
Michał Łabędzki
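The ADB framing mentioned above (OKAY, WRTE, CLSE), as an added example that is not Wireshark's dissector and not code from the request: a C parser that validates one message's header before trusting its length field. It assumes the header layout from the AOSP adb protocol description (six little-endian uint32 fields; magic = command ^ 0xffffffff; data_check = byte sum of the payload), and the exchange in main() is constructed.

```c
/* Added example (not Wireshark's dissector, not code from the thread):
 * framing check for one ADB wire message. Per the AOSP adb protocol
 * description every message starts with a 24-byte little-endian header of
 * six uint32 fields: command, arg0, arg1, data_length, data_check, magic,
 * with magic == command ^ 0xffffffff and data_check the byte sum of the
 * payload. Both are verified before data_length is trusted, so a corrupt or
 * spoofed length cannot make the parser read past the captured frame. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADB_HDR_LEN 24
#define ADB_CMD_OPEN 0x4e45504fu    /* "OPEN" */
#define ADB_CMD_OKAY 0x59414b4fu    /* "OKAY" */
#define ADB_CMD_WRTE 0x45545257u    /* "WRTE" */
#define ADB_CMD_CLSE 0x45534c43u    /* "CLSE" */

enum adb_status { ADB_OK = 0, ADB_SHORT = -1, ADB_BAD_MAGIC = -2,
                  ADB_TRUNCATED = -3, ADB_BAD_CHECK = -4 };

struct adb_msg {
    uint32_t command, arg0, arg1, data_length, data_check, magic;
    const uint8_t *payload;     /* points into the caller's buffer */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* data_check as adb computes it: the plain sum of payload bytes. */
uint32_t adb_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i < len; i++) sum += data[i];
    return sum;
}

/* Parse one message from buf[0..len). Returns ADB_OK or a negative status;
 * on success *consumed is the number of bytes the message occupied. */
int adb_parse(const uint8_t *buf, size_t len, struct adb_msg *m, size_t *consumed)
{
    if (len < ADB_HDR_LEN) return ADB_SHORT;
    m->command = le32(buf);           m->arg0 = le32(buf + 4);
    m->arg1 = le32(buf + 8);          m->data_length = le32(buf + 12);
    m->data_check = le32(buf + 16);   m->magic = le32(buf + 20);
    if (m->magic != (m->command ^ 0xffffffffu)) return ADB_BAD_MAGIC;
    /* Compare the claimed length with what was actually captured first. */
    if (m->data_length > len - ADB_HDR_LEN) return ADB_TRUNCATED;
    m->payload = buf + ADB_HDR_LEN;
    if (adb_checksum(m->payload, m->data_length) != m->data_check) return ADB_BAD_CHECK;
    *consumed = ADB_HDR_LEN + m->data_length;
    return ADB_OK;
}

/* Encode a message; used here only to construct sample traffic.
 * Returns bytes written, or 0 if out is too small. */
size_t adb_build(uint8_t *out, size_t out_size, uint32_t command, uint32_t arg0,
                 uint32_t arg1, const uint8_t *data, uint32_t data_length)
{
    if (out_size < ADB_HDR_LEN + (size_t)data_length) return 0;
    put_le32(out, command);        put_le32(out + 4, arg0);
    put_le32(out + 8, arg1);       put_le32(out + 12, data_length);
    put_le32(out + 16, adb_checksum(data, data_length));
    put_le32(out + 20, command ^ 0xffffffffu);
    if (data_length) memcpy(out + ADB_HDR_LEN, data, data_length);
    return ADB_HDR_LEN + data_length;
}

/* The command field is four ASCII bytes; render it for display ("WRTE"). */
void adb_cmd_name(uint32_t command, char name[5])
{
    put_le32((uint8_t *)name, command);
    name[4] = '\0';
}

int main(void)
{
    /* Constructed exchange: OPEN "shell:id", OKAY, WRTE "uid=2000\n", CLSE. */
    uint8_t stream[256];
    size_t n = 0, pos = 0, used;
    struct adb_msg m;
    char name[5];
    n += adb_build(stream + n, sizeof stream - n, ADB_CMD_OPEN, 1, 0, (const uint8_t *)"shell:id", 9);
    n += adb_build(stream + n, sizeof stream - n, ADB_CMD_OKAY, 7, 1, NULL, 0);
    n += adb_build(stream + n, sizeof stream - n, ADB_CMD_WRTE, 7, 1, (const uint8_t *)"uid=2000\n", 9);
    n += adb_build(stream + n, sizeof stream - n, ADB_CMD_CLSE, 7, 1, NULL, 0);
    while (pos < n && adb_parse(stream + pos, n - pos, &m, &used) == ADB_OK) {
        adb_cmd_name(m.command, name);
        printf("%s arg0=%u arg1=%u len=%u\n", name, (unsigned)m.arg0, (unsigned)m.arg1, (unsigned)m.data_length);
        pos += used;
    }
    return 0;
}
```

The order of checks matters for a dissector fed from a capture: magic is verified first because it costs nothing, the length is bounded by the captured frame before the payload pointer is formed, and only then is the checksum computed over the payload. The same loop shape applies whether the bytes came over TCP or over USB bulk transfers.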
Re: [tcpdump-workers] Link-Layer Header Type request for Linux Kernel Messages
Hi,

I guess the area in which I am working blurs the boundaries of existing tools. So what about the feature? (maybe it is time to extend the tool boundary a little)

Linux Kernel Messages and Android Logs are similar to "syslog", ok, but think about the wide perspective. The questions are:
1. What can be supported by libpcap, and what cannot be? (~ we need one tool or two/an infinite number of tools)
2. kmsg/syslog seems to be a helper for analysing other payloads, so why can it not be kept together? (for example: the kernel closes a data socket; we know that from kernel logs and see that in protocol payloads)
3. Should I think about a new tool? (On the other hand - my ideas should not completely break your tool or its primary intention and should not disturb anyone)
4. kmsg seems to be a regular interface; we can treat a log as a packet (or a packet as a log!), compute received, dropped, etc.

PS. If all logs are in pcap (kernel, application logs [syslog/logcat], network payloads (Internet, Bluetooth, NFC, DBus, etc...)), then the user can simply send it to the developer, and we do not need syslog anymore.

Best regards,
Michał Łabędzki

From: m...@sandelman.ca [m...@sandelman.ca]
Sent: 14 May 2013 16:39
To: Labedzki Michal
Cc: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Link-Layer Header Type request for Linux Kernel Messages

> "Michal" == Michal Labedzki writes:
    Michal> Are there any comments on that? (it has been a month)

I agree... I don't understand why putting these things into a pcap layer helps anyone.

Have you looked at:
    http://datatracker.ietf.org/wg/syslog/charter/
and
    http://datatracker.ietf.org/doc/rfc5848/
might provide a more standard, more portable container?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
Re: [tcpdump-workers] Link-Layer Header Type request for Linux Kernel Messages
Hi,

Ok. Let's start thinking only about LINKTYPE_DEV_KMSG_LINUX & DLT_DEV_KMSG_LINUX; the others can be ignored, because /dev/kmsg is the only one which can be used easily and powerfully.

Implementation on two sides is ready (libpcap and Wireshark).

Best regards,
Michał Łabędzki
Re: [tcpdump-workers] DLT for Bluetooth Low Energy
Hi,

This is a good idea. +1 from me.

What name is proposed for the new values? DLT_BLUETOOTH_LL? DLT_BLUETOOTH_LE? other?

According to the pointed-to specification, "2.1.2.2 Link Manager": "... The link manager achieves this by communicating with the link manager in remote Bluetooth devices using the Link Management Protocol (LMP) in BR/EDR and the Link Layer Protocol (LL) in LE."... maybe it is a good idea to request two new DLTs too:
1. For Bluetooth LMP (described in the same specification, page 455) (optional for me)
2. For Ubertooth (preferred by me)

Best regards,
Michał Łabędzki