pack_addr supports parsing AF_NETLINK protocol #1494
Comments
|
hi @lclin56 thank you for reporting! This seems a valuable feature request, we will try to find some time to implement it! |
|
I'll try to work on this. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh with Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle rotten |
|
/remove-lifecycle rotten |
Motivation
I found that the parsing of pack_addr only supports protocols such as AF_INET, AF_INET6, and AF_UNIX. When I need to track syscalls related to NETLINK protocol, the current version does not support AF_NETLINK. So when I try to use pack_addr to parse NETLINK protocol, I encounter difficulties.
Feature
I hope to add support for AF_NETLINK protocol in pack_addr, so that I can correctly parse and track syscalls related to NETLINK protocol.
Alternatives
I could consider using other tools or libraries to obtain syscall information related to NETLINK protocol. However, I prefer to implement this feature directly in pack_addr because it allows me better control over the parsing process and a better understanding of the behavior of NETLINK protocol.
Additional context
I need to track syscalls related to NETLINK protocol because I want to better understand and manage network-related system calls. I hope that pack_addr can add support for AF_NETLINK protocol, so that I can more easily parse and track these calls.
The text was updated successfully, but these errors were encountered: