Debugging netlink?

How are you debugging stuff like netlink? I want to see the nl80211 syscalls, etc. ...
Here is a tutorial, but it seems some kind of not user friendly.

A lot more friendly than perf tracepoints

1 Like

I want to debug two things.
The wil6210 driver and my android phone that is running LOS 17 and the hostap won't start...

There is some process wificond that is using netlink_utils to create a new interface... But is currently always failing. I'm not sure how to use strace to see the calls from that library if I do not execute wificond with strace together. But using some ebpf tool that I have to cross compile to android and use it there, ..., I don't know if this is a good idea. Maybe I need to root my phone to get root shell to kill wificond and restart it with strace. :S

1 Like

sounds like a plan...

strace -p <pid>

will attach to a running process ( the switch to follow forked processes is also handy )

1 Like

Wow thanks! I will try this!
Suddenly does not work without root. :confused:

strace: attach: ptrace(PTRACE_SEIZE, 892): Operation not permitted

So first I have to root. ^^

To get a root shell, enable in the developer settings rooted debugging and do:

adb root

Hmmmm. I have trouble understanding this...

epoll_pwait(5<anon_inode:[eventpoll]>, [{EPOLLIN, {u32=9, u64=9}}], 16, -1, NULL, 8) = 1
read(9<socket:[23656]>, "\x38\x00\x00\x00\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x71\x01\x00\x00\x05\x00\x30\x00\x02\x00\x00\x00\x05\x00\x31\x00\x00\x00\x00\x00\x07\x00\x21\x00\x44\x45\x00\x00\x08\x00\x01\x00\x00\x00\x00\x00\x04\x00\xd8\x00", 8192) = 56
epoll_pwait(5<anon_inode:[eventpoll]>, [{EPOLLIN, {u32=6, u64=6}}], 16, -1, NULL, 8) = 1
ioctl(6</dev/binder>, BINDER_WRITE_READ, 0x7fc1c327e8) = 0
futex(0x761702a048, FUTEX_WAKE_PRIVATE, 2147483647) = 0
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 10<socket:[297867]>
ioctl(10<socket:[297867]>, SIOCGIFINDEX, {ifr_name="wlan1"}) = -1 ENODEV (No such device)

If I take the first read from the socket and use the decoder I get

{'attrs': [('UNKNOWN', {'header': {'length': 5, 'type': 49}}),
           ('UNKNOWN', {'header': {'length': 7, 'type': 33}}),
           ('RTA_DST', '\x00\x00\x00\x00'),
           ('UNKNOWN', {'header': {'length': 4, 'type': 216}})],
 'dst_len': 1,
 'family': 113,
 'flags': 2,
 'header': {'flags': 0,
            'length': 56,
            'pid': 0,
            'sequence_number': 0,
            'type': 19},
 'proto': 0,
 'scope': 48,
 'src_len': 0,
 'table': 5,
 'tos': 0,
 'type': 0}

Everything is UNKNOWN? :confused: Any idea how to convert this into useful information?
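
An added example, not part of the original thread: the decoder output above parses the buffer as an rtnetlink route message (hence RTA_DST, table, scope), but the same bytes parse cleanly as a generic netlink message: nlmsghdr, then genlmsghdr, then TLV attributes. The name tables use values from the kernel's nl80211.h; that message type 19 is the nl80211 family id on this phone is an assumption, since generic netlink family ids are assigned at runtime.

```python
import struct

# Bytes of the first read() in the strace output above (little-endian device).
CAPTURED = bytes.fromhex(
    "38000000130000000000000000000000"  # nlmsghdr: len=56, type=19
    "71010000"                          # genlmsghdr: cmd=113, version=1
    "0500300002000000" "0500310000000000" "0700210044450000"
    "0800010000000000" "0400d800"       # attributes, each padded to 4 bytes
)

NLMSG_HDR = struct.Struct("<IHHII")  # length, type, flags, seq, pid
GENL_HDR = struct.Struct("<BBH")     # cmd, version, reserved
NLA_HDR = struct.Struct("<HH")       # length (header included), type

# Subset of nl80211.h, only the values that occur in this capture.
CMD_NAMES = {113: "NL80211_CMD_WIPHY_REG_CHANGE"}
ATTR_NAMES = {
    1: "NL80211_ATTR_WIPHY",
    33: "NL80211_ATTR_REG_ALPHA2",
    48: "NL80211_ATTR_REG_INITIATOR",
    49: "NL80211_ATTR_REG_TYPE",
    216: "NL80211_ATTR_WIPHY_SELF_MANAGED_REG",
}

def decode_genl(buf):
    """Decode one generic netlink message, assuming it belongs to nl80211."""
    fixed = NLMSG_HDR.size + GENL_HDR.size
    if len(buf) < fixed:
        raise ValueError("buffer shorter than nlmsghdr + genlmsghdr")
    length, family_id, flags, seq, pid = NLMSG_HDR.unpack_from(buf, 0)
    if not fixed <= length <= len(buf):
        raise ValueError("nlmsg_len does not fit the buffer")
    cmd, version, _reserved = GENL_HDR.unpack_from(buf, NLMSG_HDR.size)
    attrs, off = [], fixed
    while off + NLA_HDR.size <= length:
        nla_len, nla_type = NLA_HDR.unpack_from(buf, off)
        if nla_len < NLA_HDR.size or off + nla_len > length:
            raise ValueError("truncated attribute at offset %d" % off)
        nla_type &= 0x3FFF  # drop NLA_F_NESTED / NLA_F_NET_BYTEORDER bits
        payload = bytes(buf[off + NLA_HDR.size:off + nla_len])
        attrs.append((ATTR_NAMES.get(nla_type, "attr_%d" % nla_type), payload))
        off += (nla_len + 3) & ~3  # attributes are aligned to 4 bytes
    return {"family_id": family_id, "cmd": CMD_NAMES.get(cmd, cmd),
            "version": version, "attrs": attrs}

if __name__ == "__main__":
    print(decode_genl(CAPTURED))
```

Read this way, the buffer is a regulatory change notification with alpha2 "DE" for wiphy 0, and no attribute is left over or misaligned.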

Maybe no need to...

{ifr_name="wlan1"}) = -1 ENODEV (No such device)
1 Like

Yep. I thought wificond is creating that. :wink:
But I found a solution, turning off that dual use stuff.
Thanks a lot! :slight_smile: