tcpdump mailing list archives
Re: DLT type for Libpcap Library
From: Christian via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Mon, 29 Aug 2022 15:13:07 +0200
--- Begin Message --- From: Christian <chris () argonautx net>
Date: Mon, 29 Aug 2022 15:13:07 +0200
First of all, I want to define a header, with a magic byte maybe, a time stamp, length of the whole packet and so on. Something which wraps my actual data and which libpcap can recognize or rather expect as data which can be read from my device node."Defined" in what sense?Right now, if I try to connect tcpdump with my device node for reading and receiving data, I only get a:listening on kpnode0, link-type 147, snapshot length 262144 bytes pcap_stats: this operation isn't properly handelst by that device.My kernel module provides data in packets which is preceded by an header which I deliberately defined for libpcap to recognized as data from MY device. This is what I understood to do it. My question now is, where should I define my datatype within the libpcap source code? I associate my data type with the free user defied DLT_USER0, so that is the reason why pcap mentioned link-type 147. Im not stuck on that user defined type. Maybe it's better to define a whole new data type like e.g. DLT_USB_LINUX. Anyway it's nothing destined for release. For now Im just happy if libpcap excepts my header data type to read. Filtering and all this comes later. I guess I have to make changes in my kernel probe, or write a BPF function?Another question is: how to map the structure(s) in which I define my data types with the symbol in dlt.h?"Map" in what sense?In a way, so that I can define a struct of my header data (with other structs nested maybe) and this struct is asociated as DLT_USER0. Or a something similar?Thanks in advance BR Christian
--- End Message ---
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- DLT type for Libpcap Library Christian via tcpdump-workers (Aug 28)
- Re: DLT type for Libpcap Library Guy Harris via tcpdump-workers (Aug 28)
- Message not available
- Re: DLT type for Libpcap Library Christian via tcpdump-workers (Aug 29)
- Message not available
- Message not available
- Re: DLT type for Libpcap Library Guy Harris via tcpdump-workers (Aug 29)
- Message not available