tcpdump mailing list archives

Reading capture files with an unknown link-layer header type


From: Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Thu, 11 Jun 2020 22:31:59 -0700

--- Begin Message ---
From: Guy Harris <gharris () sonic net>
Date: Thu, 11 Jun 2020 22:31:59 -0700

François checked in a change to tcpdump so that, if it's handed a capture file with a link-layer header type for which 
it has no dissector, it just dumps the packet data in hex, rather than failing with an indication that the header type 
isn't supported.

However, pcap_compile(), in *libpcap*, will fail with an unknown header type - and tcpdump always hands a filter to 
pcap_compile(), even if it's a null string (which means "accept every packet").

It doesn't fail with *known* filter types for which most filters are unsupported, it just rejects most of them (other 
than "link[M:N]").

Is there any reason *not* to handle link-layer types unknown to libpcap in pcap_compile()?

--- End Message ---
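
An added example, not tcpdump or libpcap code: a sketch of the fallback the message describes, reading a classic pcap file header and hex-dumping packets whose link-layer type has no dissector, with bounds checks on every record length. The sample capture, the link type value 65000 and all function names are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* A few real LINKTYPE_ values this sketch treats as "known" (has a dissector). */
enum { LT_ETHERNET = 1, LT_RAW = 101, LT_LINUX_SLL = 113 };
/* Constructed sample: little-endian pcap, linktype 65000 (picked for the
 * example as a value with no dissector), one 4-byte packet. */
static const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0xe8,0xfd,0x00,0x00,            /* snaplen, linktype */
    0,0,0,0, 0,0,0,0, 4,0,0,0, 4,0,0,0, 0xde,0xad,0xbe,0xef
};

static uint32_t rd32(const uint8_t *p, int be) {
    uint32_t a = p[0], b = p[1], c = p[2], d = p[3];
    return be ? (a << 24) | (b << 16) | (c << 8) | d
              : (d << 24) | (c << 16) | (b << 8) | a;
}

/* Returns the link-layer type, or -1 if buf is not a classic pcap file. */
int file_linktype(const uint8_t *buf, size_t len, int *be) {
    if (len < 24) return -1;
    uint32_t magic = rd32(buf, 0);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du) *be = 0;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u) *be = 1;
    else return -1;
    return (int)(rd32(buf + 20, *be) & 0xffff);   /* low 16 bits hold the type */
}

int linktype_known(int lt) { return lt == LT_ETHERNET || lt == LT_RAW || lt == LT_LINUX_SLL; }

/* Hex-dumps packets of an unknown link type instead of rejecting the file; -1 if malformed. */
int dump_capture(const uint8_t *buf, size_t len, FILE *out) {
    int be, n = 0, lt = file_linktype(buf, len, &be);
    if (lt < 0) return -1;
    for (size_t off = 24; off < len; n++) {
        if (len - off < 16) return -1;             /* truncated record header */
        uint32_t caplen = rd32(buf + off + 8, be);
        off += 16;
        if (caplen > len - off) return -1;         /* length field exceeds file */
        if (!linktype_known(lt)) {                 /* known types would be dissected */
            fprintf(out, "linktype %d unknown, %u bytes:", lt, (unsigned)caplen);
            for (uint32_t i = 0; i < caplen; i++) fprintf(out, " %02x", buf[off + i]);
            fputc('\n', out);
        }
        off += caplen;
    }
    return n;
}
int main(void) { return dump_capture(SAMPLE, sizeof SAMPLE, stdout) == 1 ? 0 : 1; }
```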