Hello,
I am working on an application that extensively uses Unix domain sockets
for passing messages among its components, and in such a situation a good
debugging tool is crucial.
I did some research and found that people usually proxy this socket
communication through socat and UDP, so they can see it in Wireshark. I
also found some LD_PRELOAD implementations and even one kernel module.
So there are several ways to capture the data. But the question is how
such communication should be presented in the dump files.
My idea is that my application will have some debugging output that will
emit data in the libpcap format. My current approach is forging Ethernet
and IP packets and putting my data inside. But I know that this is bad; it
is just a proof of concept. What would be a correct and clean way?
I looked at <https://www.tcpdump.org/linktypes.html> and didn't find any
appropriate header type. Could we add one? Or is it the wrong layer?
There is no MAC or IP address, but there is other useful metadata:
socket path (which might also be abstract), direction, UID, GID, PID...
Best Regards,
Franta
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
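As an added illustration of the approach the post asks about (this is example code, not code from the original message or from the tcpdump project): the linktypes page does reserve LINKTYPE_USER0..LINKTYPE_USER15 (147..162) for private use, so a tool can emit a standard pcap file with LINKTYPE_USER0 and carry its own per-record header instead of forging Ethernet/IP frames. The record header layout below (direction, path length, PID, UID, GID, then the socket path and the message bytes) is my own assumption for the sake of the example, not a registered format; abstract socket names are represented the Linux way, with a leading NUL byte. The sample records are constructed, not a real capture.

```python
"""Write and read a libpcap file carrying Unix-domain-socket messages.

Added example, not from the original post.  Uses LINKTYPE_USER0 (147), one
of the DLT_USER0..15 values tcpdump.org reserves for private use.  The
per-record link-layer header is an assumed layout of my own, not a
registered one:

    u8  direction (0 = sent, 1 = received)   u8  path_len   u16 reserved
    u32 pid   u32 uid   u32 gid   path[path_len]   payload...

Abstract sockets are carried as on Linux: the path starts with a NUL byte.
"""
import struct

LINKTYPE_USER0 = 147          # DLT_USER0, reserved for private use
PCAP_MAGIC = 0xA1B2C3D4       # classic pcap magic, microsecond timestamps
SUN_PATH_MAX = 108            # sizeof(sockaddr_un.sun_path) on Linux
DIR_SEND, DIR_RECV = 0, 1

_GLOBAL = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
_UNIXHDR = struct.Struct("<BBHIII")  # direction, path_len, reserved, pid, uid, gid (assumed layout)


def global_header(snaplen=65535, linktype=LINKTYPE_USER0):
    """Standard 24-byte pcap file header, little-endian, pcap version 2.4."""
    return _GLOBAL.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def unix_record(ts_sec, ts_usec, path, direction, pid, uid, gid, payload):
    """One pcap record: record header + assumed link-layer header + payload."""
    if not isinstance(path, bytes):
        path = path.encode()
    if len(path) > SUN_PATH_MAX:
        raise ValueError("socket path longer than sun_path")
    if direction not in (DIR_SEND, DIR_RECV):
        raise ValueError("bad direction")
    frame = _UNIXHDR.pack(direction, len(path), 0, pid, uid, gid) + path + payload
    return _RECORD.pack(ts_sec, ts_usec, len(frame), len(frame)) + frame


def write_pcap(records):
    return global_header() + b"".join(records)


def read_pcap(data):
    """Parse the file back into dicts; refuses files of any other link type."""
    magic, _major, _minor, _tz, _sig, _snaplen, linktype = _GLOBAL.unpack_from(data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_USER0:
        raise ValueError("not a LINKTYPE_USER0 pcap written by this tool")
    off = _GLOBAL.size
    out = []
    while off < len(data):
        ts_sec, ts_usec, incl_len, _orig_len = _RECORD.unpack_from(data, off)
        off += _RECORD.size
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record")
        off += incl_len
        direction, path_len, _res, pid, uid, gid = _UNIXHDR.unpack_from(frame, 0)
        path = frame[_UNIXHDR.size:_UNIXHDR.size + path_len]
        if len(path) != path_len:
            raise ValueError("truncated socket path")
        out.append({
            "ts": ts_sec + ts_usec / 1e6,
            "direction": direction,
            "pid": pid, "uid": uid, "gid": gid,
            "abstract": path.startswith(b"\0"),
            "path": path,
            "payload": frame[_UNIXHDR.size + path_len:],
        })
    return out


def sample_records():
    """Constructed sample traffic (not a real capture): one filesystem
    socket, one abstract socket."""
    return [
        unix_record(1700000000, 1000, b"/run/app/ctl.sock", DIR_SEND, 4242, 1000, 1000, b"PING"),
        unix_record(1700000000, 2500, b"\0app-bus", DIR_RECV, 4243, 0, 0, b"PONG"),
    ]


if __name__ == "__main__":
    with open("unix.pcap", "wb") as f:
        f.write(write_pcap(sample_records()))
    for rec in read_pcap(write_pcap(sample_records())):
        print(rec)
```

Wireshark lets you attach a dissector to the DLT_USER0..15 link types through the DLT_USER protocol preferences, so a file written this way opens directly; the caveat is that the per-record header is private to the tool that wrote it, which is exactly why the post's question about a registered link type matters.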