pcap_io: add cooked mode support

Originally submitted by Vadim in a different form, he wrote:

  Use Linux "cooked" header for Netlink interface automatically or
  as replacement of L2 header if "--cooked" option is specified:

    http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html

  'Cooked headers' makes sense to use for default or nsec pcap
  types which does not contain protocol info.

  Added new LINKTYPE_LINUX_SLL which indicates pcap file with
  Linux "cooked" header as L2 layer header. This pcap file is
  compatible with Wireshark's "cooked" header & vice-versa.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

1 files changed, 17 insertions, 0 deletions

diff --git a/netsniff-ng.c b/netsniff-ng.c
index 0a9c620..e593b9d 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -1519,6 +1519,23 @@ int main(int argc, char **argv)
 
 		if (!ctx.link_type)
 			ctx.link_type = pcap_dev_to_linktype(ctx.device_in);
+		if (link_has_sll_hdr(ctx.link_type)) {
+			switch (ctx.magic) {
+			case ORIGINAL_TCPDUMP_MAGIC:
+				ctx.magic = ORIGINAL_TCPDUMP_MAGIC_LL;
+				break;
+			case NSEC_TCPDUMP_MAGIC:
+				ctx.magic = NSEC_TCPDUMP_MAGIC_LL;
+				break;
+			case ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC):
+				ctx.magic = ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC_LL);
+				break;
+			case ___constant_swab32(NSEC_TCPDUMP_MAGIC):
+				ctx.magic = ___constant_swab32(NSEC_TCPDUMP_MAGIC_LL);
+				break;
+			}
+		}
+
 
 		if (!ctx.device_out) {
 			ctx.dump = 0;