From: Pierre Chifflier <chifflier@wzdftpd.net>
Date: Fri, 24 Nov 2017 07:15:33 +0000 (+0100)
Subject: Add support for PCAP LINKTYPE_IPV4
X-Git-Tag: suricata-4.1.0-beta1~532
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5748df3eed4d02b3048c1208e8c2b15ebd5fb6fa;p=thirdparty%2Fsuricata.git

Add support for PCAP LINKTYPE_IPV4
---

diff --git a/src/decode.h b/src/decode.h
index 7205ea94dc..76f71eca50 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -1090,6 +1090,7 @@ void DecodeGlobalConfig(void);
 /* http://www.tcpdump.org/linktypes.html defines DLT_RAW as 101, yet others don't.
  * Libpcap on at least OpenBSD returns 101 as datalink type for RAW pcaps though. */
 #define LINKTYPE_RAW2       101
+#define LINKTYPE_IPV4       228
 #define PPP_OVER_GRE        11
 #define VLAN_OVER_GRE       13
 
diff --git a/src/source-pcap-file.c b/src/source-pcap-file.c
index fb29773d1e..c71bb6bcca 100644
--- a/src/source-pcap-file.c
+++ b/src/source-pcap-file.c
@@ -326,6 +326,7 @@ TmEcode ReceivePcapFileThreadInit(ThreadVars *tv, const void *initdata, void **d
         case LINKTYPE_PPP:
             pcap_g.Decoder = DecodePPP;
             break;
+        case LINKTYPE_IPV4:
         case LINKTYPE_RAW:
         case LINKTYPE_RAW2:
             pcap_g.Decoder = DecodeRaw;