Re: having trouble using libpcap to write DLT_USER0 captures

[Sam Roberts <vieuxtech () gmail com>]

Did this get missed? Is the patch not good?

libpcap can read user0 caps, it should be able to write them.

Cheers,
Sam


On Tue, Nov 29, 2011 at 11:38 AM, Sam Roberts <vieuxtech () gmail com> wrote:
> DLT_USER0 is available for internal use, and pcap_open_dead() will
> accept it, but pcap_dump_open() is complaining that it doesn't know
> the corresponding link type.
>
> I assume this is intentional, but why is it a feature? It seems
> preferable that people use libpcap to write pcap files than rolling
> their own, probably buggy, versions.
>
> With the change below I can write USER0 pcaps and read them with wireshark.
>
> Cheers,
> Sam
>
>
> diff --git a/pcap-common.c b/pcap-common.c
> index a0eb3a2..bd78dc3 100644
> --- a/pcap-common.c
> +++ b/pcap-common.c
> @@ -1212,6 +1212,10 @@ dlt_to_linktype(int dlt)
>                        return (map[i].linktype);
>        }
>
> +        if (dlt >= DLT_USER0 && dlt <= DLT_USER15)  {
> +            return dlt;
> +        }
> +
>
>        /*
>         * If we don't have a mapping for this DLT_ code, return an
>         * error; that means that the table above needs to have an
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.