On Wed, Jun 05, 2002 at 11:50:02PM +0200, Fermín Galán Márquez wrote:
> I'm working on an implementation of Snort
> (a NIDS that you maybe know) over ATM.
> Since Snort uses libpcap to capture
> packets, I would like to know if this
> library supports ATM (my past experiences
> with libpcap are bounded to Ethernet :)

Unfortunately, there's no single "ATM" for it to support.

Currently, it *should* support:

        BSD BPF on platforms that support LLC encapsulation
        (DLT_ATM_RFC1483);

        Linux for ARPHRD_ATM.

> I remember from the RFCs that there are
> different ways to encapsulate IP over
> ATM (LLC/SNAP and VC multiplexing).
> In our case, we are using VC multiplexing
> (no LLC/SNAP header starting packets).

VC multiplexing is tricky, as you'd have to know what type of traffic is
going over the VC.

For Linux, given that we use cooked mode, the packets delivered to the
PF_PACKET socket should have a protocol type in the skbuff, so that
should work.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
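
The difference between the two encapsulations discussed in the message above, as an added example that is not part of the original message and is not libpcap or Snort code: with LLC/SNAP the PDU names its own protocol, while with VC multiplexing the decoder can only rely on what it was told about the VC. The `vc_config` structure, the function name and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-VC settings: the capture side must be told these out of band. */
enum vc_encap { VC_ENCAP_LLC_SNAP, VC_ENCAP_VCMUX };
struct vc_config {
    enum vc_encap encap;
    uint16_t vcmux_ethertype;   /* used only for VC_ENCAP_VCMUX */
};

/* RFC 1483 routed PDU header: LLC AA-AA-03, OUI 00-00-00, then a 2-byte EtherType. */
static const uint8_t LLC_SNAP_ROUTED[6] = { 0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00 };

/* Constructed sample PDUs (first bytes of an IPv4 header, not captured traffic). */
static const uint8_t SAMPLE_LLC_IPV4[] = {
    0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00,
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_VCMUX_IPV4[] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06 };

/* Returns the EtherType of the network-layer packet and stores its offset
 * in *l3_off, or returns -1 if the PDU does not fit the VC's encapsulation. */
int atm_l3_ethertype(const struct vc_config *vc, const uint8_t *pdu,
                     size_t len, size_t *l3_off)
{
    if (vc->encap == VC_ENCAP_VCMUX) {
        /* Nothing in the PDU names the protocol; trust the VC configuration. */
        if (len == 0)
            return -1;
        *l3_off = 0;
        return vc->vcmux_ethertype;
    }
    if (len < 8 || memcmp(pdu, LLC_SNAP_ROUTED, sizeof LLC_SNAP_ROUTED) != 0)
        return -1;              /* truncated, bridged, or not LLC/SNAP at all */
    *l3_off = 8;
    return (pdu[6] << 8) | pdu[7];
}

int main(void)
{
    struct vc_config llc = { VC_ENCAP_LLC_SNAP, 0 };
    struct vc_config mux = { VC_ENCAP_VCMUX, 0x0800 };
    size_t off = 0;
    printf("LLC/SNAP VC:  0x%04x\n", atm_l3_ethertype(&llc, SAMPLE_LLC_IPV4, sizeof SAMPLE_LLC_IPV4, &off));
    printf("VC-mux VC:    0x%04x\n", atm_l3_ethertype(&mux, SAMPLE_VCMUX_IPV4, sizeof SAMPLE_VCMUX_IPV4, &off));
    printf("wrong config: %d\n", atm_l3_ethertype(&llc, SAMPLE_VCMUX_IPV4, sizeof SAMPLE_VCMUX_IPV4, &off));
    return 0;
}
```

A sensor configured with the wrong encapsulation for a VC gets -1 here and should count and log the PDU as undecodable rather than pass it to the IP decoder.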