tcpdump mailing list archives
Re: Request for a DLT value (for nflog)
From: Jakub Zawadzki <darkjames-ws () darkjames pl>
Date: Mon, 20 Jun 2011 20:55:32 +0200
On Mon, Jun 20, 2011 at 11:46:50AM -0700, Guy Harris wrote:
And is there any packet data in there? For example, is that what's in NFULA_PAYLOAD TLVs?-
I'm not 100% sure if I undestand your question, but I think yes, it's what current version of pcap-netfilter-linux.c is doing, i.e. finding NFULA_PAYLOAD and passing it to user as DLT_IPV4 Current version of pcap-netfilter-linux.c is binding only for AF_INET so it's ok. But after registring new DLT_ it'd be possible to bind both to AF_INET and AF_INET6. Registring new DLT_ is also needed when you want to store more information about logged packets (like uid/gid/prefix). If you want I can send you example pcap + patch for wireshark. Cheers, Jakub. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Request for a DLT value (for nflog) Jakub Zawadzki (Jun 20)
- Re: Request for a DLT value (for nflog) Guy Harris (Jun 20)
- Re: Request for a DLT value (for nflog) Jakub Zawadzki (Jun 20)
- Re: Request for a DLT value (for nflog) Guy Harris (Jun 20)
- Re: Request for a DLT value (for nflog) Jakub Zawadzki (Jun 20)
- Re: Request for a DLT value (for nflog) Guy Harris (Jun 20)