Re: Why dos not supported inbound/outbound on linktype DLT_PPP?

[Guy Harris <gharris () sonic net>]

On Thu, Feb 19, 2004 at 11:20:08AM +0100, Petr Ostadal wrote:
> we found in SUSE, that you removed support of inbound/outbound on linktype
> DLT_PPP.

In Linux, we don't support DLT_PPP, *PERIOD* - Linux's PPP code is
sufficiently broken that you cannot be guaranteed to get a PPP header
and cannot be guaranteed *not* to get other unwanted crap at the
beginning of packets.

Therefore, in Linux, we don't use DLT_PPP for PPP interfaces (note that
the string "DLT_PPP" doesn't appear anywhere in pcap-linux.c in recent
versions of libpcap); instead, we capture in cooked mode, with
DLT_LINUX_SLL as the header, and that *does* have a direction flag, so
you *can* use direction filters.

> See http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/gencode.c?r1=1.185&r2=1.186
> with changelog "Feb 14, 2004: Unfortunately, there is no direction flag
> for DLT_PPP."

That's referring to the DLT_PPP header as generated by, for example,
BSD, where there really truly *IS* no direction flag.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe