From 12c6a61fa54a2ee6a28c04ff51b2456f73d499b9 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann <daniel@iogearbox.net>
Date: Fri, 19 Jun 2015 00:30:31 +0200
Subject: pcap_io: add cooked mode support

Originally submitted by Vadim in a different form, he wrote:

  Use Linux "cooked" header for Netlink interface automatically or
  as replacement of L2 header if "--cooked" option is specified:

    http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html

  'Cooked headers' makes sense to use for default or nsec pcap
  types which does not contain protocol info.

  Added new LINKTYPE_LINUX_SLL which indicates pcap file with
  Linux "cooked" header as L2 layer header. This pcap file is
  compatible with Wireshark's "cooked" header & vice-versa.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
 netsniff-ng.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'netsniff-ng.c')

diff --git a/netsniff-ng.c b/netsniff-ng.c
index 0a9c620..e593b9d 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -1519,6 +1519,23 @@ int main(int argc, char **argv)
 
 		if (!ctx.link_type)
 			ctx.link_type = pcap_dev_to_linktype(ctx.device_in);
+		if (link_has_sll_hdr(ctx.link_type)) {
+			switch (ctx.magic) {
+			case ORIGINAL_TCPDUMP_MAGIC:
+				ctx.magic = ORIGINAL_TCPDUMP_MAGIC_LL;
+				break;
+			case NSEC_TCPDUMP_MAGIC:
+				ctx.magic = NSEC_TCPDUMP_MAGIC_LL;
+				break;
+			case ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC):
+				ctx.magic = ___constant_swab32(ORIGINAL_TCPDUMP_MAGIC_LL);
+				break;
+			case ___constant_swab32(NSEC_TCPDUMP_MAGIC):
+				ctx.magic = ___constant_swab32(NSEC_TCPDUMP_MAGIC_LL);
+				break;
+			}
+		}
+
 
 		if (!ctx.device_out) {
 			ctx.dump = 0;
-- 
cgit v1.2.3-54-g00ecf