droe / sslsplit

Transparent SSL/TLS interception
https://www.roe.ch/SSLsplit
BSD 2-Clause "Simplified" License

PCAP logging: Replace libnet with custom TCP/IP/Ether header constructing #234

Closed droe closed 5 years ago

droe commented 5 years ago

Consider getting rid of libnet in PCAP logging mode. In PCAP mode, we only use libnet to construct the TCP/IP/Ether headers and to calculate the checksums. Libnet has some limitations, including some distributions shipping very old versions not supporting LIBNET_NONE, which leads to the requirement of root privileges in order to use PCAP logging on those systems. Also, libnet, while flexible, is not the most efficient implementation of TCP/IP/Ether header construction for our very limited use case.

Instead of using libnet, we could construct the headers manually using structs, like we already construct the PCAP headers. This would be an inherently portable approach.
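The approach proposed in this issue, shown as an added C example that is not sslsplit's own code: Ethernet, IPv4 and TCP headers laid out as byte-array structs, with both checksums computed by hand. All names (`build_frame`, `sum16`, `fold`, the struct types) and the sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical wire-format headers; uint8_t-only fields mean no padding and no host byte order. */
typedef struct { uint8_t dst[6], src[6], type[2]; } ether_hdr_t;
typedef struct { uint8_t ver_ihl, tos, len[2], id[2], frag[2], ttl, proto,
                 sum[2], src[4], dst[4]; } ip4_hdr_t;
typedef struct { uint8_t sport[2], dport[2], seq[4], ack[4], off, flags,
                 win[2], sum[2], urg[2]; } tcp_hdr_t;
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }
/* RFC 1071 sum over big-endian 16-bit words; an odd trailing byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    return n ? acc + ((uint32_t)p[0] << 8) : acc;
}
static uint16_t fold(uint32_t acc) {  /* fold carries, then one's complement */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Writes Ether+IPv4+TCP+payload into buf; returns the frame length, or 0 if it does not fit. */
size_t build_frame(uint8_t *buf, size_t cap, const uint8_t smac[6], const uint8_t dmac[6],
                   const uint8_t sip[4], const uint8_t dip[4], uint16_t sport, uint16_t dport,
                   uint32_t seq, uint32_t ack, uint8_t flags, const uint8_t *payload, size_t plen) {
    size_t total = sizeof(ether_hdr_t) + sizeof(ip4_hdr_t) + sizeof(tcp_hdr_t) + plen;
    if (total > cap || plen > 65535 - 40) return 0;
    memset(buf, 0, total - plen);
    ether_hdr_t *eh = (ether_hdr_t *)buf;
    ip4_hdr_t *ih = (ip4_hdr_t *)(eh + 1);
    tcp_hdr_t *th = (tcp_hdr_t *)(ih + 1);
    memcpy(eh->dst, dmac, 6); memcpy(eh->src, smac, 6); put16(eh->type, 0x0800);
    ih->ver_ihl = 0x45; ih->ttl = 64; ih->proto = 6;            /* IPv4, 20-byte header, TCP */
    put16(ih->len, (uint16_t)(40 + plen));
    memcpy(ih->src, sip, 4); memcpy(ih->dst, dip, 4);
    put16(ih->sum, fold(sum16((uint8_t *)ih, sizeof(*ih), 0))); /* sum field is still zero here */
    put16(th->sport, sport); put16(th->dport, dport);
    put32(th->seq, seq); put32(th->ack, ack);
    th->off = 5 << 4; th->flags = flags; put16(th->win, 65535);
    if (plen) memcpy(th + 1, payload, plen);
    /* Pseudo-header: src+dst addresses (8 bytes at IP offset 12), protocol 6, TCP length. */
    uint32_t acc = sum16((uint8_t *)ih + 12, 8, 6 + 20 + (uint32_t)plen);
    put16(th->sum, fold(sum16((uint8_t *)th, 20 + plen, acc)));
    return total;
}

int main(void) {  /* constructed sample: locally administered MACs, TEST-NET-1 addresses */
    uint8_t f[64], m1[6] = {2,0,0,0,0,1}, m2[6] = {2,0,0,0,0,2}, a[4] = {192,0,2,1}, b[4] = {192,0,2,2};
    return build_frame(f, sizeof f, m1, m2, a, b, 49152, 443, 1000, 2000, 0x18, (const uint8_t *)"hello", 5) == 59 ? 0 : 1;
}
```

Summing a finished header together with its stored checksum folds to zero, which gives a cheap self-check on frames before they are written to the PCAP file.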