falcosecurity / libs

libsinsp, libscap, the kernel module driver, and the eBPF driver sources
https://falcosecurity.github.io/libs/
Apache License 2.0

pack_addr supports parsing AF_NETLINK protocol #1494

Open lclin56 opened 8 months ago

lclin56 commented 8 months ago

Motivation

I found that the parsing of pack_addr only supports protocols such as AF_INET, AF_INET6, and AF_UNIX. When I need to track syscalls related to the NETLINK protocol, the current version does not support AF_NETLINK. So when I try to use pack_addr to parse the NETLINK protocol, I encounter difficulties.

Feature

I hope to add support for the AF_NETLINK protocol in pack_addr, so that I can correctly parse and track syscalls related to the NETLINK protocol.

Alternatives

I could consider using other tools or libraries to obtain syscall information related to the NETLINK protocol. However, I prefer to implement this feature directly in pack_addr because it allows me better control over the parsing process and a better understanding of the behavior of the NETLINK protocol.

Additional context

I need to track syscalls related to the NETLINK protocol because I want to better understand and manage network-related system calls. I hope that pack_addr can add support for the AF_NETLINK protocol, so that I can more easily parse and track these calls.

Andreagit97 commented 8 months ago

Hi @lclin56, thank you for reporting! This seems a valuable feature request; we will try to find some time to implement it!

ecbadeaux commented 7 months ago

I'll try to work on this.

poiana commented 4 months ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana commented 3 months ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

Andreagit97 commented 3 months ago

/remove-lifecycle rotten

poiana commented 20 hours ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale