tcpdump mailing list archives
Re: Request for a DLT value (for nflog)
From: Guy Harris <guy () alum mit edu>
Date: Tue, 30 Aug 2011 17:56:54 -0700
On Jun 20, 2011, at 3:21 AM, Jakub Zawadzki wrote:
DLT_NFLOG starts with struct nfgenmsg header defined in <linux/netfilter/nfnetlink.h>,
which looks like (changed to stdint.h types + my comments in /** **/):

    struct nfgenmsg {
        uint8_t nfgen_family;   /* AF_xxx */
                                /** Linux AF-VALUES, AF_INET=2, AF_INET6=10 **/
        uint8_t version;        /* nfnetlink version */
                                /** For now only NFNETLINK_V0 = 0 **/
        uint16_t res_id;        /* resource id */
                                /** on one socket netlink it's possible to listen to
                                 ** several nflog-groups. Value in BIG ENDIAN **/
    };

After which follow any number of TLVs.
(Structure from <linux/netfilter/nfnetlink_compat.h> header)

    struct nfattr {
        uint16_t nfa_len;       /** length, including 4 bytes of header, host-order **/
        uint16_t nfa_type;      /* we use 15 bits for the type, and the highest
                                 * bit to indicate whether the payload is nested */
                                /** type, host-order */
        /** uint8_t nfa_data[nfattr.nfa_len-4] **/
    };

So how do you know how many TLVs there are? Is there a special "end of list" TLV?

This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
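
The record layout quoted in this message, walked by a bounds-checked C parser; this is an added example, not code from the thread or from libpcap. Assumptions not stated in the post: the TLV list ends where the captured bytes end, each TLV is padded to a 4-byte boundary, and the capture is read on a host with the same byte order as the one that wrote it. The names `nflog_parse`, `struct nflog_tlv` and `nflog_sample` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NFLOG_HDR_LEN 4u   /* sizeof(struct nfgenmsg) */
#define NFLOG_TLV_HDR 4u   /* nfa_len + nfa_type */
#define NFLOG_ALIGN(n) (((size_t)(n) + 3u) & ~(size_t)3u)  /* assumed 4-byte TLV padding */

struct nflog_tlv {          /* hypothetical result record */
    uint16_t type;          /* low 15 bits of nfa_type */
    int nested;             /* highest bit of nfa_type */
    const uint8_t *data;    /* points into the caller's buffer */
    size_t len;             /* nfa_len minus the 4-byte header */
};

/* Assumed end-of-list rule: TLVs continue until the captured bytes run out.
 * Returns the number of TLVs stored, or -1 on a bad header, an nfa_len that
 * does not fit the capture, or more than `max` TLVs. */
int nflog_parse(const uint8_t *buf, size_t caplen, uint16_t *res_id,
                struct nflog_tlv *out, int max) {
    if (caplen < NFLOG_HDR_LEN || buf[1] != 0)       /* only NFNETLINK_V0 */
        return -1;
    *res_id = (uint16_t)((buf[2] << 8) | buf[3]);    /* big endian */
    size_t off = NFLOG_HDR_LEN;
    int n = 0;
    while (caplen - off >= NFLOG_TLV_HDR) {
        uint16_t hdr[2];
        memcpy(hdr, buf + off, 4);   /* nfa_len, nfa_type: host order, per the post */
        size_t len = hdr[0];
        if (len < NFLOG_TLV_HDR || len > caplen - off || n == max)
            return -1;       /* len < 4 never advances; len too large overreads */
        out[n++] = (struct nflog_tlv){ hdr[1] & 0x7fff, hdr[1] >> 15,
                                       buf + off + NFLOG_TLV_HDR, len - NFLOG_TLV_HDR };
        if (NFLOG_ALIGN(len) > caplen - off)
            break;                                   /* final padding not captured */
        off += NFLOG_ALIGN(len);
    }
    return n;
}

/* Constructed sample: AF_INET, v0, group 5, then two TLVs (the second nested). */
size_t nflog_sample(uint8_t *pkt) {
    const uint16_t t1[2] = { 6, 10 }, t2[2] = { 8, 0x8000 | 3 };
    memset(pkt, 0, 20);
    pkt[0] = 2; pkt[3] = 5;
    memcpy(pkt + 4, t1, 4);  pkt[8] = 0xde; pkt[9] = 0xad;
    memcpy(pkt + 12, t2, 4); memset(pkt + 16, 0x41, 4);
    return 20;
}
```

The two rejection checks matter for any dissector of this format: an `nfa_len` below 4 would keep the loop on the same offset forever, and one larger than the remaining capture would read past the buffer.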
