--- Begin Message ---
On 12/06/2020 07:31, Guy Harris via tcpdump-workers wrote:
> François checked in a change to tcpdump so that, if it's handed a capture
> file with a link-layer header type for which it has no dissector, it just
> dumps the packet data in hex, rather than failing with an indication that the
> header type isn't supported.
>
> However, pcap_compile(), in *libpcap*, will fail with an unknown header type
> - and tcpdump always hands a filter to pcap_compile(), even if it's a null
> string (which means "accept every packet").
>
> It doesn't fail with *known* filter types for which most filters are
> unsupported, it just rejects most of them (other than "link[M:N]").
>
> Is there any reason *not* handle link-layer types unknown to libpcap in
> pcap_compile()?
No reason.
We should decode them in hex/ASCII like with the previous change with perhaps a
warning like:
"Warning: link-type 290 is not in libpcap range"
--- End Message ---
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
