Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-10-08 Thread Jakub Zawadzki
On Tue, Aug 30, 2011 at 05:56:54PM -0700, Guy Harris wrote:
> So how do you know how many TLVs there are? Is there a special "end of list"
> TLV?

Nope, you should read until end of message (packet).

PS: Sorry for late response, and thanks for assigning value :)

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-08-30 Thread Guy Harris
On Jun 20, 2011, at 3:21 AM, Jakub Zawadzki wrote:
> DLT_NFLOG starts with struct nfgenmsg header defined in
> ,
> which looks like (changed to stdint.h types + my comments in /** **/):
>
> struct nfgenmsg {
> uint8_t nfgen_family; /* AF_xxx */
>/** Linux AF-VALUES, AF_

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-08-30 Thread Guy Harris
On Jul 13, 2011, at 7:40 PM, Guy Harris wrote:
>
> On Jun 20, 2011, at 2:17 PM, Jakub Zawadzki wrote:
>
>> On Mon, Jun 20, 2011 at 01:54:43PM -0700, Guy Harris wrote:
>>> Are these structures likely to remain unchanged (other than new TLV types
>>> being added,
>>> and perhaps some TLVs chang

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-07-14 Thread Sam Roberts
On Mon, Jun 20, 2011 at 3:21 AM, Jakub Zawadzki wrote:
> DLT_NFLOG starts with struct nfgenmsg header defined in
> ,
> which looks like (changed to stdint.h types + my comments in /** **/):

Do you have a way of capturing traffic on a netlink socket? I've wanted one very much, to capture NFQ and

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-07-13 Thread Guy Harris
On Jun 20, 2011, at 2:17 PM, Jakub Zawadzki wrote:
> On Mon, Jun 20, 2011 at 01:54:43PM -0700, Guy Harris wrote:
>> Are these structures likely to remain unchanged (other than new TLV types
>> being added,
>> and perhaps some TLVs changing length in a backwards-compatible fashion), so
>> that

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-07-05 Thread Darren Reed
Jakub Zawadzki wrote:
> On Mon, Jun 20, 2011 at 11:17:20PM +0200, Jakub Zawadzki wrote:
>> If DLT_* registration process can be only done by someone who maintains
>> given protocol/interface then I'm not such person :)
>
> Ping?

Jakub,

In your last email, you said that you couldn't answer so

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-07-05 Thread Jakub Zawadzki
On Mon, Jun 20, 2011 at 11:17:20PM +0200, Jakub Zawadzki wrote:
> If DLT_* registration process can be only done by someone who maintains
> given protocol/interface then I'm not such person :)

Ping?

Cheers,
Jakub

- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Jakub Zawadzki
On Mon, Jun 20, 2011 at 01:54:43PM -0700, Guy Harris wrote:
> Are these structures likely to remain unchanged (other than new TLV types
> being added,
> and perhaps some TLVs changing length in a backwards-compatible fashion), so
> that older
> DLT_NFLOG captures won't be rendered unreadable by

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Guy Harris
On Jun 20, 2011, at 3:21 AM, Jakub Zawadzki wrote:
> DLT_NFLOG starts with struct nfgenmsg header defined in
> ,
> which looks like (changed to stdint.h types + my comments in /** **/):

...

> Known types are defined in enum nfulnl_attr_type
> ()

Are these structures likely to remain

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Jakub Zawadzki
On Mon, Jun 20, 2011 at 11:46:50AM -0700, Guy Harris wrote:
> And is there any packet data in there? For example, is that what's in
> NFULA_PAYLOAD TLVs?-

I'm not 100% sure if I understand your question, but I think yes, it's what current version of pcap-netfilter-linux.c is doing, i.e. finding N

Re: [tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Guy Harris
On Jun 20, 2011, at 3:21 AM, Jakub Zawadzki wrote:
> After which follow any numbers of TLVs.
>
> (Structure From header)
>
> struct nfattr {
> uint16_t nfa_len; /** length, including 4 bytes of header, host-order
> **/
> uint16_t nfa_type; /* we use 15 bits for the type, and the highe

[tcpdump-workers] Request for a DLT value (for nflog)

2011-06-20 Thread Jakub Zawadzki
Hi,

== START OF LEGAL NOTES ==
I haven't read any documentation of nfnetlink, and this information was purely got from reading header and source files of Linux kernel, libnfnetlink[1] and libnetfilter_log[2].
== END :-) ==

!!! All structures are aligned to 4B !!!

DLT_NFLOG starts with struct