> The problem is I don't have 0 length link layer, but I invented a specific
> IP Filter link layer header, which can contain for example the IP Filter
> flags (fr_flags), the direction (IN/OUT) and the interface.
Then you need to invent a specific DLT_ name for that link-layer
header, and add support for it to libpcap and tcpdump.
If you do so, please use 116 as the value for that DLT_ name, and send
us the name you chose (e.g., DLT_IPFILTER). Otherwise, we can't
guarantee that the value won't later be assigned to some other DLT_
name.
The way you add support to it in the pcap compiler is:
add a case to the switch statement in "init_linktype()" in
"gencode.c" - set "off_nl" to the offset of the first byte of
the network-layer header relative to the beginning of the packet
(which would be the length of the fake link-layer header) and,
if all packets are IP packets (so that there's no type field in
the fake link-layer header), set "off_linktype" to -1;
add a case to the switch statement in "gen_linktype()" in
"gencode.c" - in this case, add it right after "case DLT_RAW:",
if, as I infer is the case, all packets are IP packets;
add, if you want, a case to the switch statement in
"gen_inbound()" in "gencode.c" - you're on your own figuring out
the right way to do that, though, as I can't look at it in
detail right now.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
