On Sat, Feb 15, 2014 at 01:41:41PM -0800, Guy Harris wrote:
>
> On Feb 15, 2014, at 12:17 PM, Luigi Rizzo <ri...@iet.unipi.it> wrote:
>
> > + p->linktype = DLT_EN10MB;
>
> So this either
>
> 1) only works on Ethernet devices and devices that supply Ethernet headers
>
> or
>
> 2) generates Ethernet headers that replace the native link-layer headers for devices that don't supply Ethernet headers?

It is #1.

> > @@ -307,6 +311,9 @@ struct capture_source_type {
> > int (*findalldevs_op)(pcap_if_t **, char *);
> > pcap_t *(*create_op)(const char *, char *, int *);
> > } capture_source_types[] = {
> > +#ifdef PCAP_SUPPORT_NETMAP
> > + { NULL, pcap_netmap_create },
> > +#endif
> > #ifdef HAVE_DAG_API
> > { dag_findalldevs, dag_create },
> > #endif
>
> This means that "tcpdump -D/tshark -D" and the Wireshark GUI won't show
> netmap or vale devices; for command-line tools, this means you have to enter
> those devices manually, but it might make it impossible to capture on those
> devices in the Wireshark GUI.
>
> Can you enumerate the netmap and vale devices? If so, you should have a
> findalldevs routine.

Netmap works at least on any interface visible to the OS (in native or emulated mode, the latter with some limitations, e.g. not when the interface is bound to a switch), but ports of VALE switches and netmap pipes are dynamically created, so any name that starts with netmap: and vale results in a valid netmap port.

Also, when a port is in netmap mode it is temporarily disconnected from the host stack, so you want to be careful about where you use it. The monitoring folks (bro, suricata...) will probably love this feature but for others it might be more problematic.

I did have a findalldevs routine in earlier versions of the code (mostly copying the one in pcap-bpf; perhaps I could even hook on those), but removed it because it can only return a partial list of ports and I thought it would not be very useful.

cheers
luigi
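Review bot: `p->linktype = DLT_EN10MB;` is assigned unconditionally, and nothing in the quoted hunk checks that the port actually delivers Ethernet frames. Since the reply confirms the code only works on Ethernet devices and devices that supply Ethernet headers, the create or activate path should refuse other ports with an error rather than label their packets as Ethernet, and a comment next to the assignment should state the restriction so downstream dissectors are not handed mislabelled link-layer data.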
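Review bot: the new entry `{ NULL, pcap_netmap_create }` in capture_source_types[] leaves findalldevs_op NULL without a comment saying why, and it is placed first in the table, ahead of the HAVE_DAG_API entry. Please check every loop that walks this table: if any of them treats a NULL findalldevs_op as the end-of-table marker, this entry would stop enumeration before the DAG and later sources are reached. Either move the entry, make the walkers skip NULL members explicitly, or supply a findalldevs routine that returns the partial list discussed in this thread. A short comment on the entry explaining that netmap: and vale ports are created dynamically would also help the next reader.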