Karsten Keil wrote:
Hmm, I think it should be become a general feature, since filtering for inbound/outbound for pppd based connections is a common problem and not Linux specific.
But overwriting the 0xff might, or might not, be the way it's done on all other platforms. (Also, can't the address and control bytes be negotiated away on a PPP connection? If so, there's no place to put the direction flag; if any platform supports negotiating it away, it'd *have* to use a different mechanism.)
Even if other platforms use it, it should still be tied to pppd, e.g. DLT_PPPD_PPP_WITHDIRECTION, or perhaps just DLT_PPPD, to indicate that it's only the way that the direction is supplied with the special filtering for the benefit of pppd, and that this isn't supplied with normal PPP captures.
Note FreeBSD still use DLT_PPP yet and so run into the same problems with libpcap 0.8X (it cannot filter OUT/IN bound) with DLT_PPP of libpcap 0.8X versions, in libpcap 0.7X it was possible, because the in/outbound flag was implemented in DLT_PPP in the same way as now DLT_PPP_WITH_DIRECTION does.
But 0.7x allowed you to specify inbound or outbound when capturing on a PPP link, the fact that it didn't work nonwithstanding, so 0.8x is doing the right thing here (libpcap's primary purpose is for packet capture).
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
