Re: Requesting DLT_* values for Ethernet switches proprietary tagging protocol

[Guy Harris <gharris () sonic net>]

On Jan 18, 2019, at 10:24 AM, Florian Fainelli <f.fainelli () gmail com> wrote:

> In pre-4.19 kernels there was really no way you could reliably tell a
> DSA management interface apart from a regular Ethernet device in the
> system, even by scanning the network device's relationship through
> ifindex etc.

        ...

> Which is not possible none of that qualify as a bug fix we can ask
> -stable maintainers to backport to < 4.19 kernel branches but that is
> fine, there is a beginning to supporting those tags properly and it
> starts with 4.19 and future tcpdump/libpcap/wireshark releases hopefully.

So, for now, let's not worry about pre-4.19 kernels; captures from those will require either 1) heuristics or 2) 
retroactively editing the file to have a different link-layer header type, for pcap files, or to have different 
link-layer header types in IDBs for those interfaces, for pcapng files.

(A tool to edit pcap and pcapng files in that fashion might be something useful to supply with libpcap.  editcap could 
do it for pcap files, but 1) it's shipped with Wireshark not with libpcap, 2) it doesn't overwrite the file in place, 
so it's not quick on large files, and 3) it doesn't support editing particular pcapng IDBs.)

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers