Wednesday, May 26, 2010


I digged into the depth of network packet handling, softirq's
and packet queues and hacked down a patch for the
2.6.34 kernel so that PF_PACKET can be applied to
PF_UNIX sockets.
The goal is to have a unix interface one day which you
can pass to pcap_create() and  wireshark or tcpdump.
With a e.g. DBUS dissector you can then monitor 
the application level IPC to find the more unknown
bugs :-)
The hard part now is to get this patch upstream,
so that it is available on a standard Linux distro
the same way you'd monitor your network traffic.