search

appneta / tcpreplay

Pcap editing and replay tools for *NIX and Windows - Users please download source from
http://tcpreplay.appneta.com/wiki/installation.html#downloads
1.16k stars 268 forks source link

[Feature] Add support for DLT_LINUX_SLL2 #727

Closed tsaarni closed 10 months ago

tsaarni commented 2 years ago

I have capture file that uses DLT_LINUX_SLL2 link layer format https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html. It is used by default by tcpdump. When trying to run tcprewrite following error is printed since the link type LINKTYPE_LINUX_SLL2 (276) is not recognized

Fatal Error: Error initializing tcpedit: From plugins/dlt_plugins.c:tcpedit_dlt_init() line 148:
No DLT plugin available for source DLT: 0x114

It would be great to see support for DLT_LINUX_SLL2.

fklassen commented 1 year ago

Thanks for the PR. I do enhancement releases about once a year. Queued for 4.5 release. Do you have test PCAPs? Will have to update current tests.

tsaarni commented 1 year ago

In case he is not subscribed to this issue I'll Cc @btriller who kindly impemented the PR!

tsaarni commented 1 year ago

Attaching example capture file linux-cooked2-example.pcap.zip

esemeniuc commented 1 year ago

Would love to see this also!

esemeniuc commented 1 year ago

A workaround in the meantime is to manually set the data link type (DLT) in tcpdump using the --linktype flag, eg

sudo tcpdump -i lo dst 127.0.0.1 and dst port 9000 -X -n --linktype EN10MB -w demo.pcap
fklassen commented 10 months ago

Implemented in PR's #728 and #820. Will be available in v4.5.0