How do I get strace to "decode" AF_NETLINK communication like it does with ioctl?

3

strace normally "deciphers" ioctl calls, showing what they mean, even resolving network interface names and so on.

But the same operation performed using AF_NETLINK remains opaque in strace. How can I teach strace to parse AF_NETLINK things? Are there patches or forks with this feature?

sendmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"03K5S\n0"..., 48}], msg_controllen=0, msg_flags=0}, 0) = 48
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"43K5S74\n00"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = 148

Example of "cooked" strace output with ioctl

ioctl(4, SIOCGIFFLAGS, {ifr_name="veth0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_ALLMULTI}) = 0

Background on AF_NETLINK

excerpt from Wikipedia

The AF_NETLINK family offers multiple protocol subsets. Each interfaces to a different kernel component and has a different messaging subset. The following protocol is referenced in the field below:

  int socket(AF_NETLINK, SOCK_DGRAM or SOCK_RAW, protocol)

Lacking a standard, SOCK_DGRAM and SOCK_RAW are not guaranteed to be implemented in a given Linux (or other OS) release. Some sources state that both options are legitimate, and the reference below from Red Hat states that SOCK_RAW is always the parameter, however iproute2 uses both interchangeably.

    
by Vi. 27.06.2014 / 12:59

0 answers
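
An added example (not part of the original question, and not strace code): a minimal decoder for rtnetlink link messages that renders the header, `ifi_flags` and `IFLA_IFNAME` in an strace-like form. The sample message is constructed, the struct layouts and constants are those of the Linux UAPI headers, and the names `decode` and `build_sample` belong to this example only.

```python
import struct

# Constants as defined in the Linux UAPI headers (netlink.h, rtnetlink.h, if_link.h, if.h)
NLMSG_TYPES = {2: "NLMSG_ERROR", 3: "NLMSG_DONE", 16: "RTM_NEWLINK", 18: "RTM_GETLINK"}
NLM_FLAGS = {0x1: "NLM_F_REQUEST", 0x2: "NLM_F_MULTI", 0x4: "NLM_F_ACK"}
IFF_FLAGS = {0x1: "IFF_UP", 0x2: "IFF_BROADCAST", 0x40: "IFF_RUNNING", 0x200: "IFF_ALLMULTI"}
IFLA_IFNAME = 3

def align4(n):
    return (n + 3) & ~3  # netlink messages and attributes are 4-byte aligned

def flag_names(value, table):
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)  # bits this example has no name for
    return "|".join(names + ([hex(rest)] if rest else [])) or "0"

def decode(buf):
    """Decode a buffer of rtnetlink messages into strace-like strings."""
    out, off = [], 0
    while off + 16 <= len(buf):
        length, mtype, flags, seq, pid = struct.unpack_from("=IHHII", buf, off)  # nlmsghdr
        if length < 16 or off + length > len(buf):
            out.append(f"<truncated or malformed nlmsghdr at offset {off}>")
            break
        text = (f"{{len={length}, type={NLMSG_TYPES.get(mtype, mtype)}, "
                f"flags={flag_names(flags, NLM_FLAGS)}, seq={seq}, pid={pid}}}")
        if mtype in (16, 18) and length >= 32:  # link messages carry an ifinfomsg
            _fam, _pad, _type, index, ifi_flags, _chg = struct.unpack_from("=BBHiII", buf, off + 16)
            text += f", {{ifi_index={index}, ifi_flags={flag_names(ifi_flags, IFF_FLAGS)}}}"
            a = off + 32
            while a + 4 <= off + length:  # walk the rtattr list
                rta_len, rta_type = struct.unpack_from("=HH", buf, a)
                if rta_len < 4 or a + rta_len > off + length:
                    break  # malformed attribute: stop rather than read past the message
                if rta_type == IFLA_IFNAME:
                    name = buf[a + 4:a + rta_len].split(b"\0")[0].decode("ascii", "replace")
                    text += f', {{IFLA_IFNAME="{name}"}}'
                a += align4(rta_len)
        out.append(text)
        off += align4(length)
    return out

def build_sample():
    """Constructed RTM_NEWLINK reply for a hypothetical interface veth0 (index 7)."""
    attr = struct.pack("=HH", 4 + 6, IFLA_IFNAME) + b"veth0\0"
    attr += b"\0" * (align4(len(attr)) - len(attr))
    body = struct.pack("=BBHiII", 0, 0, 1, 7, 0x243, 0) + attr
    return struct.pack("=IHHII", 16 + len(body), 16, 0x2, 1, 1234) + body
```
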