Hello,

I would like to request a new link-layer header type value:
LINKTYPE_DEV_KMSG_LINUX
DLT_DEV_KMSG_LINUX

and

LINKTYPE_KLOG_LINUX
DLT_KLOG_LINUX

Linux kernel messages can be captured on Linux via /dev/kmsg and klogctl. Kernel 
logs can be useful for analysing Linux and network (etc.) behaviour.
A test patch for libpcap for /dev/kmsg is prepared, so you can test it: 
https://github.com/MichalLabedzki/libpcap/commit/c671673753bba413fe3fc839425162d682289bec
 (works with kernel >= 3.5 and /dev/kmsg; the patch needs some fixes to check that)

Capture format specification is available at:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/ABI/testing/dev-kmsg

Linux logs can be dissected by Wireshark to improve readability/filtering.

There is also klogctl (http://linux.die.net/man/3/klogctl) and /proc/kmsg, but 
there the format is different, so another linktype can be added.


Best regards
-------------------------------------------------------------------------------------------------------------
Michał Łabędzki, Software Engineer
Tieto Corporation
Product Engineering Services
http://www.tieto.com / http://www.tieto.pl
---
ASCII: Michal Labedzki
e-mail: michal.labed...@tieto.com
location: Swobodna 1 Street, 50-088 Wrocław, Poland
room: 5.01 (desk next to 5.08)
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
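
A minimal parser for the /dev/kmsg record layout described in the kernel ABI document linked in the message above, added here as an example; it is not part of the original e-mail or of the libpcap patch. The function and class names and both sample records are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

_ESC = re.compile(rb"\\x([0-9a-fA-F]{2})")

def _unescape(raw: bytes) -> str:
    # The kernel writes unprintable bytes (and backslash) as \xNN in the record.
    # The decoded text can contain control characters: treat it as data and
    # re-escape before printing it to a terminal.
    return _ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("utf-8", "replace")

@dataclass
class KmsgRecord:
    facility: int
    level: int
    seq: int
    timestamp_us: int
    flags: str
    message: str
    props: dict = field(default_factory=dict)

def parse_kmsg_record(record: bytes) -> KmsgRecord:
    """Parse one record, as returned by a single read() on /dev/kmsg."""
    head, sep, body = record.partition(b";")
    if not sep:
        raise ValueError("missing ';' between prefix and message")
    fields = head.split(b",")
    if len(fields) < 3:
        raise ValueError("prefix needs at least prio,seq,timestamp")
    # Extra comma-separated prefix fields may be added later and are ignored.
    prio, seq, ts = (int(f) for f in fields[:3])
    flags = fields[3].decode("ascii") if len(fields) > 3 else "-"
    # Newlines inside the message are escaped by the kernel, so splitting on
    # "\n" is safe; continuation lines start with a space and hold KEY=value.
    lines = body.split(b"\n")
    props = {}
    for line in lines[1:]:
        if line.startswith(b" ") and b"=" in line:
            key, _, value = line[1:].partition(b"=")
            props[_unescape(key)] = _unescape(value)
    # The first prefix number is the syslog value: facility * 8 + level.
    return KmsgRecord(prio >> 3, prio & 7, seq, ts, flags, _unescape(lines[0]), props)

# Constructed sample records (not captured from a real system).
SAMPLE = b"6,339,5140900,-;NET: Registered protocol family 10\n"
SAMPLE_DEV = (b"4,1010,118551016,-;usb 1-1: bad \\x1b descriptor\n"
              b" SUBSYSTEM=usb\n DEVICE=+usb:1-1\n")
```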