diff --git a/src/diag_dpl.c b/src/diag_dpl.c
new file mode 100644
index 0000000..26fd36a
--- /dev/null
+++ b/src/diag_dpl.c
@@ -0,0 +1,104 @@
+/* Utility code for Diag Packet Logging */
+/*
+ * (C) 2016 by Harald Welte <laforge@gnumonks.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <osmocom/core/utils.h>
+#include <osmocom/core/msgb.h>
+
+#include "protocol/diagcmd.h"
+#include "protocol/diag_log_1x.h"
+#include "protocol/dpl.h"
+
+/* iface-id 0..99 */
+/* every interface has multiple physical links */
+/* iid contains flag info: 16bits LDFx IFNA PROT LINS, see struct
+ * dpl_iid
+ */
+
+int diag_dpl_reset_logging(struct diag_instance *di)
+{
+	struct msb *msg = msgb_alloc_diag();
+	diag_push_subsys_hdr(msg, DIAG_SUBSYS_PS_DATA_LOGGING,
+			     DIAG_DPL_RESET_LOGGING);
+	diag_transmit_msgb(di, msg);
+	diag_read(di);
+	return 0;
+}
+
+int diag_dpl_get_sup_if(struct diag_instance *di)
+{
+	struct msgb *mgs = msgb_alloc_diag();
+	diag_push_subsys_hdr(msg, DIAG_SUBSYS_PS_DATA_LOGGING,
+			     DIAG_DPL_GET_SUPPORTED_IFACES);
+	diag_transmit_msgb(di, msg);
+	diag_read(di);
+	return 0;
+}
+
+int diag_dpl_get_if_desc(struct diag_instance *di, uint8_t iface_id)
+{
+	struct msgb *mgs = msgb_alloc_diag();
+	struct dpl_get_if_desc_req *gidr;
+
+	gidr = (struct dpl_get_if_desc_req *) mgsb_put(msg, sizeof(*gidr));
+	gidr->iface_id = iface_id;
+	diag_push_subsys_hdr(msg, DIAG_SUBSYS_PS_DATA_LOGGING,
+			     DIAG_DPL_GET_SUPPORTED_IFACES);
+	diag_transmit_msgb(di, msg);
+	diag_read(di);
+	return 0;
+}
+
+int diag_dpl_set_if_log(struct diag_instance *di, uint8_t iface_id)
+{
+	struct msgb *mgs = msgb_alloc_diag();
+	struct dpl_set_if_log_req *silr;
+
+	silr = (struct dpl_get_if_desc_req *) msgb_put(msg, sizeof(*silr));
+	silr->iface_id = iface_id;
+	silr->num_log_flags = 1;
+	msgb_put(msg, sizeof(silr->log_flags[0]);
+	silr->log_flags[0].iid = FIXME;
+	silr->log_flags[0].link_type = FIXME;
+
+	diag_transmit_msgb(di, msg);
+	diag_read(di);
+
+	return 0;
+}
+
+/* LOG_DATA_PROTOCOL_LOGGING_C must be enabled */
+/* dpli_log_full_packet() used to log packet; maximum of 256 bytes per
+ * diag message; DPLI_BUILD_LOG_PACKET */
+static void handle_pcap_msg(struct log_hdr *lh, struct msgb *msg)
+{
+	struct dpl_hdr *dh = (struct dpl_hdr *) msgb_data(msg);
+	printf("(fl=0x%02x, ifn=0x%02x, prot=0x%02x, inst=%u, seq=%u, seg=%u): %s",
+		dh->iid.flags, dh->iid.if_name, dh->iid.protocol,
+		dh->iid.link_instance, dh->seeq_nr, sh->seg_num,
+		osmo_hexdump(dh->data, msgb_len(msg)-sizeof(*dh)));
+}
+
+static const struct diag_log_dispatch_tbl log_tbl[] = {
+	{ L1X(LOG_DATA_PROTOCOL_LOGGING_C), handle_pcap_msg },
+};
+
+static __attribute__((constructor)) void on_dso_load_gsm(void)
+{
+	diag_log_reg_dispatch(log_tbl, ARRAY_SIZE(log_tbl));
+}
diff --git a/src/diag_io.h b/src/diag_io.h
index 561da3d..c02ce82 100644
--- a/src/diag_io.h
+++ b/src/diag_io.h
@@ -2,6 +2,7 @@
 
 #include <stdint.h>
 #include <osmocom/core/msgb.h>
+#include <osmocom/core/gsmtap_util.h>
 
 struct diag_instance {
 	int fd;
@@ -11,6 +12,7 @@ struct diag_instance {
 	} rx;
 	struct {
 	} tx;
+	struct gsmtap_inst *gsmtap;
 };
 
 int diag_transmit_msgb(struct diag_instance *di, struct msgb *msg);
diff --git a/src/diag_log_umts.c b/src/diag_log_umts.c
index 1d69648..609e09d 100644
--- a/src/diag_log_umts.c
+++ b/src/diag_log_umts.c
@@ -1,6 +1,7 @@
 #include <stdio.h>
 
 #include "diag_log.h"
+#include "protocol/diag_log_gsm.h"
 #include "protocol/diag_log_wcdma.h"
 
 static void handle_rrc_sig_msg(struct log_hdr *lh, struct msgb *msg)
@@ -11,8 +12,14 @@ static void handle_rrc_sig_msg(struct log_hdr *lh, struct msgb *msg)
 		osmo_hexdump(msgb_data(msg), rrm->length));
 }
 
+static void handle_gmm_ota_msg(struct log_hdr *lh, struct msgb *msg)
+{
+	/* FIXME */
+}
+
 static const struct diag_log_dispatch_tbl log_tbl[] = {
 	{ UMTS(LOG_WCDMA_SIGNALING_MSG_C), handle_rrc_sig_msg },
+	{ UMTS(LOG_GPRS_SM_GMM_OTA_MESSAGE_C), handle_gmm_ota_msg },
 };
 
 static __attribute__((constructor)) void on_dso_load_umts(void)
diff --git a/src/osmo-qcdiag-log.c b/src/osmo-qcdiag-log.c
index cc71df4..33a9cb1 100644
--- a/src/osmo-qcdiag-log.c
+++ b/src/osmo-qcdiag-log.c
@@ -34,6 +34,8 @@
 
 #include <osmocom/core/msgb.h>
 #include <osmocom/core/serial.h>
+#include <osmocom/core/gsmtap_util.h>
+#include <osmocom/core/gsmtap.h>
 
 #include "diag_io.h"
 #include "diag_log.h"
@@ -84,6 +86,10 @@ static void do_configure(struct diag_instance *di)
 	diag_read(di);
 #endif
 	diag_msg_config_set_rt_mask(di, MSG_SSID_LINUX_DATA, 0xffffffff);
+	diag_msg_config_set_rt_mask(di, 5012, 0xffffffff);
+	diag_msg_config_set_rt_mask(di, 5000, 0xffffffff);
+	diag_msg_config_set_rt_mask(di, 5030, 0xffffffff);
+	diag_msg_config_set_rt_mask(di, 5009, 0xffffffff);
 
 #if 0
 	printf("GSM\n");
@@ -151,6 +157,9 @@ int main(int argc, char **argv)
 
 	do_configure(&di);
 
+	di.gsmtap = gsmtap_source_init("localhost", GSMTAP_UDP_PORT, 0);
+	gsmtap_source_add_sink(di.gsmtap);
+
 	while (1) {
 		i++;
 		rc = diag_read(&di);
diff --git a/src/protocol/diag_log_1x.h b/src/protocol/diag_log_1x.h
new file mode 100644
index 0000000..fc446e0
--- /dev/null
+++ b/src/protocol/diag_log_1x.h
@@ -0,0 +1,30 @@
+#pragma once
+
+#include <stdint.h>
+
+#define L1X(x)	(0x1000 + x)
+
+enum diag_log_code_1x {
+	LOG_UIM_DATA_C						= 0x98,
+	LOG_DATA_PROTOCOL_LOGGING_C				= 0x1eb,
+	LOG_DATA_PROTOCOL_LOGGING_NETWORK_IP_RM_TX_80_BYTES_C	= 0x572,
+	LOG_DATA_PROTOCOL_LOGGING_NETWORK_IP_RM_RX_80_BYTES_C	= 0x573,
+	LOG_DATA_PROTOCOL_LOGGING_NETWORK_IP_RM_TX_FULL_C	= 0x574,
+	LOG_DATA_PROTOCOL_LOGGING_NETWORK_IP_RM_RX_FULL_C	= 0x575,
+	LOG_DATA_PROTOCOL_LOGGING_NETWORK_IP_UM_TX_80_BYTES_C	= 0x576,
+	LOG_DATA_PROTOCOL_LOGGING_NETWORK_IP_UM_RX_80_BYTES_C	= 0x577,
+	LOG_DATA_PROTOCOL_LOGGING_NETWORK_IP_UM_TX_FULL_C	= 0x578,
+	LOG_DATA_PROTOCOL_LOGGING_NETWORK_IP_UM_RX_FULL_C	= 0x579,
+	LOG_DATA_PROTOCOL_LOGGING_LINK_RM_TX_80_BYTES_C		= 0x57a,
+	LOG_DATA_PROTOCOL_LOGGING_LINK_RM_RX_80_BYTES_C		= 0x57b,
+	LOG_DATA_PROTOCOL_LOGGING_LINK_RM_TX_FULL_C		= 0x57c,
+	LOG_DATA_PROTOCOL_LOGGING_LINK_RM_RX_FULL_C		= 0x57d,
+	LOG_DATA_PROTOCOL_LOGGING_LINK_UM_TX_80_BYTES_C		= 0x57e,
+	LOG_DATA_PROTOCOL_LOGGING_LINK_UM_RX_80_BYTES_C		= 0x57f,
+	LOG_DATA_PROTOCOL_LOGGING_LINK_UM_TX_FULL_C		= 0x580,
+	LOG_DATA_PROTOCOL_LOGGING_LINK_UM_RX_FULL_C		= 0x581,
+	LOG_DATA_PROTOCOL_LOGGING_FLOW_RM_TX_80_BYTES_C		= 0x582,
+	LOG_DATA_PROTOCOL_LOGGING_FLOW_RM_TX_FULL_C		= 0x583,
+	LOG_DATA_PROTOCOL_LOGGING_FLOW_UM_TX_80_BYTES_C		= 0x584,
+	LOG_DATA_PROTOCOL_LOGGING_FLOW_UM_TX_FULL_C		= 0x585,
+};
diff --git a/src/protocol/diag_log_gsm.h b/src/protocol/diag_log_gsm.h
index fb67821..c3b54b9 100644
--- a/src/protocol/diag_log_gsm.h
+++ b/src/protocol/diag_log_gsm.h
@@ -16,6 +16,7 @@ enum diag_log_code_gsm {
 	LOG_GSM_RR_SIGNALING_MESSAGE_C			= 0x12f,
 
 
+	//= 303,
 	LOG_GSM_RR_CONTROL_CHANNEL_PARAMS_C		= 306,
 
 	LOG_GPRS_INDICATORS_C				= 500,
@@ -105,6 +106,18 @@ enum diag_gsm_cmd {
 	DIAG_GSM_MAX_F			= 6,
 };
 
+/* channel_type | 0x80 == downlink */
+enum diag_gsm_rr_chan_type {
+	DIAG_GSM_L2_CHAN_TYPE_DCCH	= 0,
+	DIAG_GSM_L2_CHAN_TYPE_BCCH	= 1,
+	DIAG_GSM_L2_CHAN_TYPE_RACH	= 2,
+	DIAG_GSM_L2_CHAN_TYPE_CCCH	= 3,
+	DIAG_GSM_L2_CHAN_TYPE_SACCH	= 4,
+	DIAG_GSM_L2_CHAN_TYPE_SDCCH	= 5,
+	DIAG_GSM_L2_CHAN_TYPE_FACCH_F	= 6,
+	DIAG_GSM_L2_CHAN_TYPE_FACCH_H	= 7,
+};
+
 /* LOG_GSM_RR_SIGNALING_MESSAGE_C */
 struct diag_gsm_rr_msg {
 	uint8_t chan_type;
diff --git a/src/protocol/dpl.h b/src/protocol/dpl.h
new file mode 100644
index 0000000..065598a
--- /dev/null
+++ b/src/protocol/dpl.h
@@ -0,0 +1,79 @@
+#pragma once
+
+enum diag_dpl_cmd_type {
+	DIAG_DPL_RESET_LOGGING		= 1,
+	DIAG_DPL_GET_SUPPORTED_IFACES	= 2,
+	DIAG_DPL_GET_IFACE_DESC		= 3,
+	DIAG_DPL_SET_IFACE_LOGGING	= 4,
+	DIAG_DPL_GET_SUPPORTED_PROTOCOLS= 5,
+};
+
+enum diag_dpl_prot_net_type {
+	DIAG_DPL_IID_PROT_NET_IP	= 1,
+	DIAG_DPL_IID_PROT_NET_HDLC_UNFR	= 2,
+};
+
+enum diag_dpl_prot_link_type {
+	DIAG_DPL_IID_PROT_LINK_ANY	= 0,
+	DIAG_DPL_IID_PROT_LINK_ETHER	= 1,
+	DIAG_DPL_IID_PROT_LINK_PPP_HDLC1= 2,
+	DIAG_DPL_IID_PROT_LINK_ROHC_IP	= 3,
+	DIAG_DPL_IID_PROT_LINK_IPHC_IP	= 4,
+};
+
+/* If set, IID refers to flow based filter? */
+#define DIAG_DPL_IID_FLAG_FLOW		0x20
+/* If set, IID refers to TX; unset: RX */
+#define DIAG_DPL_IID_FLAG_DIR_TX	0x40
+/* If set, IID refers to link; unset: network */
+#define DIAG_DPL_IID_FLAG_LINK		0x80
+
+/* network based logging: legacy */
+
+struct dpl_iid {
+	uint8_t flags; /* see above */
+	uint8_t if_name; /* 0..99 */
+	uint8_t protocol;  /* diag_dpl_prot_{link,net}_type */
+	uint8_t link_instance;
+} __attribute__ ((packed));
+
+/* DIAG_DPL_GET_SUPPORTED_IFACES */
+/* request: regulsr diapkt_subsys_hdr */
+struct dpl_get_sup_if_resp {
+	uint8_t num_ifaces;
+	uint8_t iface_id[0];
+};
+
+/* DIAG_DPL_GET_IFACE_DESC */
+struct dpl_get_if_desc_req {
+	uint8_t iface_id;
+};
+/*
+struct dpl_get_if_desc_resp {
+	uint8_t iface_id;
+	null-terminated interface description
+	uint8_t num_links;
+	array of null-terminated strings
+	uint8_t num_flows
+	array of null-terminated flows
+};
+*/
+
+/* DIAG_DPL_SET_IFACE_LOGGING */
+struct dpl_set_if_log_req {
+	uint8_t iface_id;
+	uint8_t num_log_flags;
+	struct {
+		uint32_t iid;
+		uint32_t link_type;
+	} log_flag[0];
+};
+
+/* header pre-fixed to actual packet payload; as generated by
+ * DPLI_BUILD_LOG_PACKET inside the modem */
+struct dpl_hdr {
+	struct dpl_iid iid;
+	uint16_t seq_nr;
+	uint16_t seg_num;
+	uint8_t data[0];
+} __attribute__ ((packed));