Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Jakub Zawadzki
On Mon, Jun 20, 2011 at 01:54:43PM -0700, Guy Harris wrote: > Are these structures likely to remain unchanged (other than new TLV types > being added, > and perhaps some TLVs changing length in a backwards-compatible fashion), so > that older > DLT_NFLOG captures won't be rendered unreadable by

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Guy Harris
On Jun 20, 2011, at 3:21 AM, Jakub Zawadzki wrote: > DLT_NFLOG starts with struct nfgenmsg header defined in > , > which looks like (changed to stdint.h types + my comments in /** **/): ... > Known types are defined in enum nfulnl_attr_type > () Are these structures likely to remain

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Jakub Zawadzki
On Mon, Jun 20, 2011 at 11:46:50AM -0700, Guy Harris wrote: > And is there any packet data in there? For example, is that what's in > NFULA_PAYLOAD TLVs?- I'm not 100% sure if I understand your question, but I think yes, it's what current version of pcap-netfilter-linux.c is doing, i.e. finding N

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Guy Harris
On Jun 20, 2011, at 3:21 AM, Jakub Zawadzki wrote: > After which follow any numbers of TLVs. > > (Structure From header) > > struct nfattr { > uint16_t nfa_len; /** length, including 4 bytes of header, host-order > **/ > uint16_t nfa_type; /* we use 15 bits for the type, and the highe

[tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Jakub Zawadzki
Hi, == START OF LEGAL NOTES == I haven't read any documentation of nfnetlink, and this information was purely got from reading header and source files of Linux kernel, libnfnetlink[1] and libnetfilter_log[2]. == END :-) == !!! All structures are aligned to 4B !!! DLT_NFLOG starts with struct