tcpdump mailing list archives

having trouble using libpcap to write DLT_USER0 captures

From: Sam Roberts <vieuxtech () gmail com>
Date: Tue, 29 Nov 2011 11:38:50 -0800

DLT_USER0 is available for internal use, and pcap_open_dead() will
accept it, but pcap_dump_open() is complaining that it doesn't know
the corresponding link type.

I assume this is intentional, but why is it a feature? It seems
preferable that people use libpcap to write pcap files than rolling
their own, probably buggy, versions.

With the change below I can write USER0 pcaps and read them with wireshark.

Cheers,
Sam


diff --git a/pcap-common.c b/pcap-common.c
index a0eb3a2..bd78dc3 100644
--- a/pcap-common.c
+++ b/pcap-common.c
@@ -1212,6 +1212,10 @@ dlt_to_linktype(int dlt)
                        return (map[i].linktype);
        }

+        if (dlt >= DLT_USER0 && dlt <= DLT_USER15)  {
+            return dlt;
+        }
+

        /*
         * If we don't have a mapping for this DLT_ code, return an
         * error; that means that the table above needs to have an
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

having trouble using libpcap to write DLT_USER0 captures Sam Roberts (Nov 29)
- Re: having trouble using libpcap to write DLT_USER0 captures Sam Roberts (Dec 17)
- Re: having trouble using libpcap to write DLT_USER0 captures Guy Harris (Dec 17)