Re: LINUX_SLL2

[Denis Ovsienko <denis () ovsienko info>]

---- On Sun, 15 Feb 2015 19:34:37 +0000 Paul "LeoNerd" Evans<leonerd () leonerd org uk> wrote ---- 
> On Tue, 13 Jan 2015 00:29:43 +0200 
> Denis Ovsienko <denis () ovsienko info> wrote: 
>  
> > List, 
> >  
> > there is an idea to improve libpcap and tcpdump to enable the latter 
> > to print interface name (index) and direction of each packet: 
> >  
> > https://github.com/the-tcpdump-group/tcpdump/issues/296 
> > https://github.com/the-tcpdump-group/libpcap/issues/127 
> >  
> > It is pretty much clear how to do that: the only way would be through 
> > a new DLT, a proposal for which is made here: 
> > https://github.com/the-tcpdump-group/tcpdump-htdocs/pull/3 
> >  
> > Let me ask for feedback on this change because the original author 
> > has issues posting to the mailing list. 
>  
> So, uhm... 
>  
> Any thoughts on this so far? I'm really keen to have it applied, 
> because I already have a full implementation of a tcpdump-like program 
> that I wrote almost entirely *because* libpcap+tcpdump can't do this. 
> It would be great to have it supported by core after all. 

There are following differences of the proposed SLL2 from the existing SLL:

1. the Packet type field is 1 byte long (now as in struct sockaddr_ll)
2. same for the Link-layer address length field
3. there is a new Interface index field 4 bytes long (same as in sockaddr_ll)

This makes SLL2 quite close to sockaddr_ll (except the the order of fields and the sll_family field, which is told to 
be equal to AF_PACKET in this case). In other words, it looks sufficiently good on paper to proceed with the 
implementation.

-- 
    Denis Ovsienko

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers