Obviously, there is no net device to pcap - I'm wondering if anybody knows of ways to watch netlink traffic? I don't know netlink well, I'm wondering if its possible to do a PF_NETLINK socket that promiscuously receives all netlink traffic on all sockets? I can build wireshark dissectors once I've got pcaps, but I'm not too sure how to get the captures, other than hacking libnfnetlink to dump all sendmsg/recvmsg payload into a pcap file with a custom link type, but I'm hoping I'm not the first person to want to do this. I want to troubleshoot interactions, like when my userspace code blocks indefinitely waiting for a response from the kernel, but the sample code I'm looking at doesn't, and I want to understand what I'm doing differently. Cheers, Sam -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
