From 8842b61d2f67c37b0c7469a97579996c50377f6a Mon Sep 17 00:00:00 2001
From: guy
Date: Thu, 11 Mar 2004 09:13:11 +0000
Subject: Add support for DLT_ value 99, as used by the Axent Raptor firewall/Symantec Enterprise Firewall. Thanks, Axent/Symantec, for not asking us for a DLT_ value and not telling us about the link-layer type.
---
 gencode.c | 9 ++++++++-
 pcap-bpf.h | 11 ++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/gencode.c b/gencode.c
index c94be34..ce9a490 100644
--- a/gencode.c
+++ b/gencode.c
@@ -21,7 +21,7 @@
 */
 #ifndef lint
 static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.199 2004-01-31 01:54:43 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.200 2004-03-11 09:13:11 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@@ -998,6 +998,13 @@ init_linktype(type)
 off_nl = -1;
 off_nl_nosnap = -1;
 return;
+
+ case DLT_SYMANTEC_FIREWALL:
+ off_linktype = 6;
+ off_nl = 44; /* Ethernet II */
+ off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
+ return;
+
 }
 bpf_error("unknown data link type %d", linktype);
 /* NOTREACHED */
diff --git a/pcap-bpf.h b/pcap-bpf.h
index ef222e2..3dea4c9 100644
--- a/pcap-bpf.h
+++ b/pcap-bpf.h
@@ -37,7 +37,7 @@
 *
 * @(#)bpf.h 7.1 (Berkeley) 5/7/91
 *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.15 2004-02-11 22:06:58 hannes Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.16 2004-03-11 09:13:11 guy Exp $ (LBL)
 */

 /*
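Review bot: In the new `DLT_SYMANTEC_FIREWALL` case of init_linktype, `off_nl_nosnap` is given the same value 44 as `off_nl`, so a frame that is not Ethernet II (the 802.3 case the XXX comment asks about) would presumably have its network-layer fields tested at the wrong offset, and a capture filter could silently miss traffic. Because the header layout is inferred from captures rather than specified, filters compiled for this link type should not be treated as a reliable sole selector in monitoring until that case is confirmed. The constants 6 and 44 are also unexplained at this point in gencode.c; I would add `/* 6 unknown bytes + 2-byte Ethernet type + 36 bytes = 44-byte header; layout inferred from captures, see pcap-bpf.h */` above `off_linktype = 6;`. The body of init_linktype starts and ends outside this hunk, so how the other link-type switches in the file treat the new value cannot be checked from here.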
@@ -180,6 +180,15 @@ struct bpf_version {
 #define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
 #define DLT_PPP_ETHER 51 /* PPP over Ethernet */

+/*
+ * The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses
+ * a link-layer type of 99 for the tcpdump it supplies. The link-layer
+ * header has 6 bytes of unknown data, something that appears to be an
+ * Ethernet type, and 36 bytes that appear to be 0 in at least one capture
+ * I've seen.
+ */
+#define DLT_SYMANTEC_FIREWALL 99
+
 /*
 * Values between 100 and 103 are used in capture file headers as
 * link-layer types corresponding to DLT_ types that differ
--
cgit v1.2.3
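Review bot: The comment added above `DLT_SYMANTEC_FIREWALL` gives the sizes of the first and last header fields but not the width of the type field or the total header length, which are the figures the offsets in gencode.c have to agree with. Stating them keeps the two files checkable against each other, for example by ending the comment with ` * I've seen (6 + 2 + 36 bytes, 44 in all).` It would also help a reader of the header to say outright that the layout is a reconstruction from observed captures, so nobody mistakes it for a vendor specification when writing a dissector or filter against it.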