tcpdump mailing list archives
Re: Request for a DLT value (for nflog)
From: Guy Harris <guy () alum mit edu>
Date: Mon, 20 Jun 2011 11:46:50 -0700
On Jun 20, 2011, at 3:21 AM, Jakub Zawadzki wrote:
> After which follow any number of TLVs.
> (Structure from <linux/netfilter/nfnetlink_compat.h> header)
>
> struct nfattr {
>     uint16_t nfa_len;   /** length, including 4 bytes of header, host-order **/
>     uint16_t nfa_type;  /* we use 15 bits for the type, and the highest
>                          * bit to indicate whether the payload is nested */
>                         /** type, host-order */
>     /** uint8_t nfa_data[nfattr.nfa_len-4] **/
> };
>
> Known types are defined in enum nfulnl_attr_type (<linux/netfilter/nfnetlink_log.h>)
> Some of these include:
>  - NFULA_PAYLOAD=0x9  /* opaque data payload */  /** nfgen_family payload **/
>  - NFULA_PREFIX=0xa   /* string prefix */        /** prefix (from --nflog-prefix) NUL-terminated */
>  - NFULA_UID=0xb      /* user id of socket */    /** 4B in BE */
>  - NFULA_GID=0xe      /* group id of socket */   /** 4B in BE */
>  ...

And is there any packet data in there? For example, is that what's in NFULA_PAYLOAD TLVs?
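
An added example, not part of the original post and not libpcap or tcpdump code: a bounds-checked walk over the TLV layout quoted above that locates the NFULA_PAYLOAD attribute and rejects malformed `nfa_len` values. It assumes attributes are padded to 4-byte boundaries (the netlink attribute convention, not stated in the post); `nflog_find_payload`, `put_attr`, `NFA_PAD` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NFA_HDRLEN    4u   /* nfa_len + nfa_type */
#define NFULA_PAYLOAD 0x9u
#define NFA_PAD(n)    (((size_t)(n) + 3u) & ~(size_t)3u) /* assumed 4-byte padding */

/* Find NFULA_PAYLOAD in buf[0..len): 0 if the TLV chain is well formed, -1 if not. */
int nflog_find_payload(const uint8_t *buf, size_t len,
                       const uint8_t **payload, size_t *payload_len)
{
    size_t off = 0;
    *payload = NULL; *payload_len = 0;    /* stays NULL when the attribute is absent */
    while (off < len) {
        uint16_t nfa_len, nfa_type;
        if (len - off < NFA_HDRLEN) return -1;  /* truncated header */
        memcpy(&nfa_len, buf + off, 2);   /* host-order, per the post */
        memcpy(&nfa_type, buf + off + 2, 2);
        if (nfa_len < NFA_HDRLEN || nfa_len > len - off)
            return -1;                    /* nfa_len-4 underflows, or overruns buffer */
        if (nfa_type == NFULA_PAYLOAD) {  /* type 0x9 with the nested bit clear */
            *payload = buf + off + NFA_HDRLEN;
            *payload_len = nfa_len - NFA_HDRLEN;
        }
        /* advance past padding; the final attribute may be unpadded */
        off += NFA_PAD(nfa_len) > len - off ? len - off : NFA_PAD(nfa_len);
    }
    return 0;
}

/* Build one attribute in host order (used only for the constructed sample). */
size_t put_attr(uint8_t *dst, uint16_t type, const void *data, uint16_t dlen)
{
    uint16_t nfa_len = (uint16_t)(NFA_HDRLEN + dlen);
    memset(dst, 0, NFA_PAD(nfa_len));
    memcpy(dst, &nfa_len, 2);
    memcpy(dst + 2, &type, 2);
    memcpy(dst + NFA_HDRLEN, data, dlen);
    return NFA_PAD(nfa_len);
}

int main(void)
{
    uint8_t buf[64]; const uint8_t *p; size_t n, len = 0;
    len += put_attr(buf + len, 0xa, "test", 5);             /* NFULA_PREFIX, constructed */
    len += put_attr(buf + len, 0x9, "\x45\x00\x00\x14", 4); /* NFULA_PAYLOAD, constructed */
    int rc = nflog_find_payload(buf, len, &p, &n);
    printf("rc=%d payload_len=%zu\n", rc, n);
    return 0;
}
```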