On Jul 24, 2013, at 2:26 AM, Daniel Borkmann <dbork...@redhat.com> wrote:
> With upcoming Linux 3.11, we have the possibility to debug local netlink
> traffic [1] i.e. the workflow looks like this:
>
> Setup:
> modprobe nlmon
> ip link add type nlmon
> ip link set nlmon0 up
>
> Capture:
> tcpdump -i nlmon0 ...
>
> Teardown:
> ip link set nlmon0 down
> ip link del dev nlmon0
> rmmod nlmon
>
> For pcap interoperability, introduce a common link type for netlink
> captures

So DLT_NETLINK packets are netlink messages, as described by, for example, section 3.4 "Netlink message format" of:

http://1984.lsi.us.es/~pablo/docs/spae.pdf

or section 2.2 "Message Format" of

http://tools.ietf.org/html/rfc3549

For new link-layer header types, it should be possible http://www.tcpdump.org/linktypes.html to include them; I'd want to point to one of those sources if possible.
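
The message layout the reply points to (RFC 3549 section 2.2), as an added example that is not part of the original thread or of libpcap: a bounds-checked walk over the netlink messages in one captured buffer. It assumes the buffer begins at the first netlink message header (any capture-level framing is out of scope); `nl_hdr`, `nl_walk` and `nl_sample` are hypothetical names and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed 16-byte header, RFC 3549 section 2.2; fields are in host byte order. */
struct nl_hdr {
    uint32_t len;          /* whole message, header included, padding excluded */
    uint16_t type, flags;
    uint32_t seq, pid;
};

/* Walk the netlink messages in buf[0..caplen), copying up to max headers to out.
 * Returns the number of well-formed messages, or -1 on a truncated header or a
 * length field that is too small or runs past the captured bytes. */
int nl_walk(const uint8_t *buf, size_t caplen, struct nl_hdr *out, int max)
{
    size_t off = 0;
    int n = 0;
    while (off < caplen) {
        size_t rem = caplen - off;
        struct nl_hdr h;
        if (rem < sizeof h) return -1;          /* truncated header */
        memcpy(&h, buf + off, sizeof h);        /* no unaligned reads */
        if (h.len < sizeof h || h.len > rem)
            return -1;                          /* never trust the length field */
        if (n < max) out[n] = h;
        n++;
        size_t pad = (4 - h.len % 4) % 4;       /* messages are 4-byte aligned */
        if (pad > rem - h.len) break;           /* last message, padding not captured */
        off += h.len + pad;                     /* cannot exceed caplen here */
    }
    return n;
}

/* Constructed sample: a 21-byte message (5-byte payload, 3 bytes of padding)
 * followed by a bare 16-byte header of type 3 (NLMSG_DONE). */
size_t nl_sample(uint8_t *buf)
{
    struct nl_hdr a = { 21, 16, 0x0001, 1, 0 }, b = { 16, 3, 0, 1, 0 };
    memset(buf, 0, 40);
    memcpy(buf, &a, sizeof a);
    memcpy(buf + 24, &b, sizeof b);
    return 40;
}

int main(void)
{
    uint8_t buf[40];
    struct nl_hdr h[4];
    printf("%d messages\n", nl_walk(buf, nl_sample(buf), h, 4));
}
```
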