From 8842b61d2f67c37b0c7469a97579996c50377f6a Mon Sep 17 00:00:00 2001
From: guy
Date: Thu, 11 Mar 2004 09:13:11 +0000
Subject: Add support for DLT_ value 99, as used by the Axent Raptor firewall/Symantec Enterprise Firewall. Thanks, Axent/Symantec, for not asking us for a DLT_ value and not telling us about the link-layer type.
---
 pcap-bpf.h | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'pcap-bpf.h')
diff --git a/pcap-bpf.h b/pcap-bpf.h
index ef222e2..3dea4c9 100644
--- a/pcap-bpf.h
+++ b/pcap-bpf.h
@@ -37,7 +37,7 @@
  *
  * @(#)bpf.h 7.1 (Berkeley) 5/7/91
  *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.15 2004-02-11 22:06:58 hannes Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.16 2004-03-11 09:13:11 guy Exp $ (LBL)
  */
 
 /*
@@ -180,6 +180,15 @@ struct bpf_version {
 #define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
 #define DLT_PPP_ETHER 51 /* PPP over Ethernet */
 
+/*
+ * The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses
+ * a link-layer type of 99 for the tcpdump it supplies. The link-layer
+ * header has 6 bytes of unknown data, something that appears to be an
+ * Ethernet type, and 36 bytes that appear to be 0 in at least one capture
+ * I've seen.
+ */
+#define DLT_SYMANTEC_FIREWALL 99
+
 /*
  * Values between 100 and 103 are used in capture file headers as
  * link-layer types corresponding to DLT_ types that differ
-- 
cgit v1.2.3
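Review bot: The comment added above `#define DLT_SYMANTEC_FIREWALL 99` lists the header fields piecemeal and from a single capture, but never states the total header length or the offset of the type field, which a decoder has to bounds-check against the captured length before reading. If the type field is two bytes, as an Ethernet type would be, the pieces sum to 44 bytes with the type at offset 6. I would add a closing comment line such as ` * That is a 44-byte header with the type at offset 6, assuming a 2-byte type; the layout is inferred, so decoders must check caplen before reading it.` The define also lacks the trailing description its neighbours carry, e.g. `/* Symantec Enterprise Firewall */`. The following comment block (values 100 to 103) continues past the end of the hunk.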