--- Begin Message ---
"Defined" in what sense?
First of all, I want to define a header, with a magic byte maybe, a time
stamp, length of the whole packet and so on. Something which wraps my
actual data and which libpcap can recognize or rather expect as data
which can be read from my device node.
Right now, if I try to connect tcpdump with my device node for reading
and receiving data, I only get a:
listening on kpnode0, link-type 147, snapshot length 262144 bytes
pcap_stats: this operation isn't properly handelst by that device.
My kernel module provides data in packets which is preceded by an header
which I deliberately defined for libpcap to recognized as data from MY
device. This is what I understood to do it. My question now is, where
should I define my datatype within the libpcap source code? I associate
my data type with the free user defied DLT_USER0, so that is the reason
why pcap mentioned link-type 147. Im not stuck on that user defined
type. Maybe it's better to define a whole new data type like e.g.
DLT_USB_LINUX. Anyway it's nothing destined for release. For now Im just
happy if libpcap excepts my header data type to read. Filtering and all
this comes later. I guess I have to make changes in my kernel probe, or
write a BPF function?
Another question is: how to map the structure(s) in which I define my data
types with the symbol in dlt.h?
"Map" in what sense?
In a way, so that I can define a struct of my header data (with other
structs nested maybe) and this struct is asociated as DLT_USER0. Or a
something similar?
Thanks in advance
BR Christian
--- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
