NSEC magic number in savefile.c

[Pierre KARAMPOURNIS <pkarampournis () gmail com>]

Hello,

A device like an Endace DAG can provide nanosecond timestamped packets using
the usec field of the PCAP format to store the nanoseconds.
Moreover, it seems that this variation of the PCAP format is tolerate if you
use the NSEC_TCPDUMP_MAGIC magic number in your PCAP file.
But in fact, this magic number is defined in savefile.c but is never used.
Furthermore, if we try to use tools using libpcap to read nsec-pcap files,
it won't work because of the following code (libpcap1.0.0 : savefile.c :
line 1216) :

if (magic != TCPDUMP_MAGIC && magic != KUZNETZOV_TCPDUMP_MAGIC) {
            snprintf(errbuf, PCAP_ERRBUF_SIZE,
                "bad dump file format");
            goto bad;
        }

But I want to use tcpdump with that kind of PCAPs so I modified savefile.c
in libpcap and a few files in tcpdump to take advantage of this format.

I thought it could be interesting if, when installing libpcap, we could
configure the output PCAP format we want to use instead of the regular
format (via options with ./configure for example)

Is it usefull to add this possibility for the libpcap community ?

Thanks,

Pierre
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.