Debugging netlink?

PolynomialDivision · January 12, 2020, 5:49pm

How are you debugging stuff like netlink? I want to see the nl80211 syscalls, etc. ...
Here is a tutorial, but it seems somekind of not user friendly.

anon50098793 · January 12, 2020, 6:02pm

Alot more friendly than perf tracepoints

PolynomialDivision · January 12, 2020, 6:15pm

I want to debug two things.
The wil6210 driver and my android phone that is running LOS 17 and the hostap won't start...

There is some process wificond that is using netlink_utils to create a new interface... But is currently always failing. I'm not sure how to use strace to see the calls from that library if I do not execute wificond with strace together. But using some ebpf tool that I have to cross compile to android and use it there, ..., I don't know if this is a good idea. Maybe I need to root my phone to get root shell to kill wificond and restart it with strace. :S

anon50098793 · January 12, 2020, 6:21pm

sounds like a plan...

strace -p <pid>

will attach to a running process ( the switch to follow forked processes is also handy )

PolynomialDivision · January 12, 2020, 6:29pm

Wow thanks! I will try this!
Suddenly does not work without root.

strace: attach: ptrace(PTRACE_SEIZE, 892): Operation not permitted

So first I have to root. ^^

To get a root shell, enable in the developer settings rooted debugging and do:

adb root

PolynomialDivision · January 12, 2020, 7:16pm

Hmmmm. I have trouble to understand this...

epoll_pwait(5<anon_inode:[eventpoll]>, [{EPOLLIN, {u32=9, u64=9}}], 16, -1, NULL, 8) = 1
read(9<socket:[23656]>, "\x38\x00\x00\x00\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x71\x01\x00\x00\x05\x00\x30\x00\x02\x00\x00\x00\x05\x00\x31\x00\x00\x00\x00\x00\x07\x00\x21\x00\x44\x45\x00\x00\x08\x00\x01\x00\x00\x00\x00\x00\x04\x00\xd8\x00", 8192) = 56
epoll_pwait(5<anon_inode:[eventpoll]>, [{EPOLLIN, {u32=6, u64=6}}], 16, -1, NULL, 8) = 1
ioctl(6</dev/binder>, BINDER_WRITE_READ, 0x7fc1c327e8) = 0
futex(0x761702a048, FUTEX_WAKE_PRIVATE, 2147483647) = 0
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 10<socket:[297867]>
ioctl(10<socket:[297867]>, SIOCGIFINDEX, {ifr_name="wlan1"}) = -1 ENODEV (No such device)
close(10<socket:[297867]>)

If I take the first read from the socket and use the decoder I get

38:00:00:00:13:00:00:00:00:00:00:00:00:00:00:00:71:01:00:00:05:00:30:00:02:00:00:00:05:00:31:00:00:00:00:00:07:00:21:00:44:45:00:00:08:00:01:00:00:00:00:00:04:00:d8:00
{'attrs': [('UNKNOWN', {'header': {'length': 5, 'type': 49}}),
           ('UNKNOWN', {'header': {'length': 7, 'type': 33}}),
           ('RTA_DST', '\x00\x00\x00\x00'),
           ('UNKNOWN', {'header': {'length': 4, 'type': 216}})],
 'dst_len': 1,
 'family': 113,
 'flags': 2,
 'header': {'flags': 0,
            'length': 56,
            'pid': 0,
            'sequence_number': 0,
            'type': 19},
 'proto': 0,
 'scope': 48,
 'src_len': 0,
 'table': 5,
 'tos': 0,
 'type': 0}
........................................

Everything is UNKNOWN? Any idea how to convert this into useful information?

anon50098793 · January 12, 2020, 7:25pm

Maybe no need to...

{ifr_name="wlan1"}) = -1 ENODEV (No such device)

PolynomialDivision · January 14, 2020, 4:19pm

Yep. I thought wificond is creating that.
But I found a solution, turning off that duale use stuff.
Thanks a lot!