
Re: tcpdump: patches required for OpenSolaris/SXCE


From: Darren Reed <Darren.Reed () Sun COM>
Date: Mon, 07 Dec 2009 22:00:06 -0800

In some further development, I've updated print-ipnet.c
to output which hook was used to record the packet.

The output has been modified to look like this:

$ ./tcpdump -c 3 -en -r ~/a
reading from file /home/dr146992/a, link-type IPNET (Solaris ipnet)
20:52:54.829738 0 > -1, hook observe-out (1) family IPv4 (2), length 152: 10.0.0.1.47974 > 10.0.0.3.1023: UDP, length 100
20:52:54.831924 -1 > 0, hook observe-in (0) family IPv4 (2), length 84: 10.0.0.3.32774 > 10.0.0.1.47974: UDP, length 32
20:52:54.831930 -1 > 0, hook observe-in (0) family IPv4 (2), length 84: 10.0.0.3.32774 > 10.0.0.1.47974: UDP, length 32

Previously this field was not printed out at all.

Darren

diff --git a/ipnet.h b/ipnet.h
index ae69284..abe4f60 100644
--- a/ipnet.h
+++ b/ipnet.h
@@ -9,5 +9,9 @@ typedef struct ipnet_hdr {
        uint32_t        iph_zdst;
 } ipnet_hdr_t;
 
-#define        IPH_AF_INET     2               /* Matches Solaris's AF_INET */
-#define        IPH_AF_INET6    26              /* Matches Solaris's AF_INET6 */
+#define        IPH_AF_INET             2       /* Matches Solaris's AF_INET */
+#define        IPH_AF_INET6            26      /* Matches Solaris's AF_INET6 */
+
+#define        IPOBS_H_INBOUND         0
+#define        IPOBS_H_OUTBOUND        1
+#define        IPOBS_H_LOCAL           2
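Review bot: The three new `IPOBS_H_*` constants carry no comment, while the `IPH_AF_*` lines directly above each state which Solaris value they match. A one-line comment above the group, such as `/* iph_htype values: the hook that recorded the packet */`, would tell a reader which header field they decode. It would also make clear that these are values read from a capture, so they must not be renumbered locally.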
diff --git a/print-ipnet.c b/print-ipnet.c
index 3a5b5a1..fdfd790 100644
--- a/print-ipnet.c
+++ b/print-ipnet.c
@@ -14,12 +14,19 @@
 
 #ifdef DLT_IPNET
 
-const struct tok ipnet_values[] = {
+const struct tok ipnet_families[] = {
        { IPH_AF_INET,          "IPv4" },
        { IPH_AF_INET6,         "IPv6" },
        { 0,                    NULL }
 };
 
+const struct tok ipnet_hooks[] = {
+       { IPOBS_H_INBOUND,      "observe-in" },
+       { IPOBS_H_OUTBOUND,     "observe-out" },
+       { IPOBS_H_LOCAL,        "observe-local" },
+       { 0,                    NULL }
+};
+
 static inline void
 ipnet_hdr_print(struct netdissect_options *ndo, const u_char *bp, u_int length)
 {
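Review bot: `ipnet_families` and the new `ipnet_hooks` are defined without `static`, so both get external linkage although the diff only shows them used by `tok2str()` calls in print-ipnet.c. If nothing else references them, `static const struct tok ipnet_hooks[] = {` (and the same for `ipnet_families`) keeps them out of the global namespace. A short comment on `ipnet_hooks` would also help: `IPOBS_H_INBOUND` is 0, the same key as the `{ 0, NULL }` terminator, so the table only works because lookup stops on the NULL string and not on the zero value.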
@@ -29,13 +36,16 @@ ipnet_hdr_print(struct netdissect_options *ndo, const u_char *bp, u_int length)
        ND_PRINT((ndo, "%d > %d", hdr->iph_zsrc, hdr->iph_zdst));
 
        if (!ndo->ndo_qflag) {
-               ND_PRINT((ndo,", family %s (%d)",
-                          tok2str(ipnet_values, "Unknown",
-                                  hdr->iph_family),
-                          hdr->iph_family));
+               ND_PRINT((ndo, ", hook %s (%d) family %s (%d)",
+                         tok2str(ipnet_hooks, "Unknown",
+                                 ntohs(hdr->iph_htype)),
+                         ntohs(hdr->iph_htype),
+                         tok2str(ipnet_families, "Unknown",
+                                 hdr->iph_family),
+                         hdr->iph_family));
         } else {
                ND_PRINT((ndo,", %s",
-                          tok2str(ipnet_values,
+                          tok2str(ipnet_families,
                                   "Unknown Ethertype (0x%04x)",
                                   hdr->iph_family)));
         }
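Review bot: The added `ntohs(hdr->iph_htype)` calls read a 16-bit field directly through `hdr`, which points into captured packet data, and nothing in this hunk shows a check that the captured length covers the whole ipnet header. The body of `ipnet_hdr_print` starts above the hunk, so such a check may exist there or in the caller; if it does not, a truncated or malformed savefile would make these reads run past the buffer. tcpdump's usual accessor also avoids assuming the field is aligned: `EXTRACT_16BITS(&hdr->iph_htype)` in place of `ntohs(hdr->iph_htype)`. A comment at the top of the function stating the minimum length the caller must have verified would make the precondition explicit.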