Re: [PATCH libpcap] linktype: add netlink link/dlt type

[Daniel Borkmann <dborkman () redhat com>]

On 07/19/2013 08:23 PM, Guy Harris wrote:
> On Jul 3, 2013, at 3:49 AM, Daniel Borkmann <dborkman () redhat com> wrote:
>
> > For pcap interoperability, introduce a common link type for netlink
> > captures.
>
> What do the link-layer headers for this look like?

That is struct nlmsghdr, found in include/uapi/linux/netlink.h.

> Presumably making that work also involves changes to libpcap to support
> capturing on nlmon devices (so that DLT_NETLINK is returned for them) and,
> if you're not using the -w flag to tcpdump, changes to tcpdump to analyze
> DLT_NETLINK packets.

Right, for the device type identification, this is being exported as
ARPHRD_NETLINK (include/uapi/linux/if_arp.h) in pf_packet's sll's
sll_hatype member.

I can have a look how libpcap handles this and send a follow-up patch
for further inclusion next week if wished.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers