git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Mon, 13 Apr 2015 10:12:46 +0000 (12:12 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 30 Apr 2015 13:36:54 +0000 (15:36 +0200)
commit	04ccfda6398820ccc570497ea76aea5966dc368c
tree	d0d3df29dc7396a5fe6474915530f7c581bb3f21	tree
parent	97a2d1ac267a13b6c623bf57ad1b8ad8d95290a1	commit \| diff

pcap: implement LINKTYPE_NULL

Implement LINKTYPE_NULL for pcap live and pcap file.

From: http://www.tcpdump.org/linktypes.html

"BSD loopback encapsulation; the link layer header is a 4-byte field,
in host byte order, containing a PF_ value from socket.h for the
network-layer protocol of the packet.

Note that ``host byte order'' is the byte order of the machine on
which the packets are captured, and the PF_ values are for the OS
of the machine on which the packets are captured; if a live capture
is being done, ``host byte order'' is the byte order of the machine
capturing the packets, and the PF_ values are those of the OS of
the machine capturing the packets, but if a ``savefile'' is being
read, the byte order and PF_ values are not necessarily those of
the machine reading the capture file."

Feature ticket #1445

rules/decoder-events.rules		diff \| blob \| blame \| history
src/Makefile.am		diff \| blob \| blame \| history
src/decode-events.h		diff \| blob \| blame \| history
src/decode-null.c	[new file with mode: 0644]	blob
src/decode-null.h	[new file with mode: 0644]	blob
src/decode.c		diff \| blob \| blame \| history
src/decode.h		diff \| blob \| blame \| history
src/detect-engine-event.h		diff \| blob \| blame \| history
src/source-pcap-file.c		diff \| blob \| blame \| history
src/source-pcap.c		diff \| blob \| blame \| history