Updated sniffer to be able to handle the linux "any" interface.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@151 510a4753-2344-4c79-9c09-4d669213fbeb

server/pcap_capture.c

@@ -105,6 +105,9 @@ pcap_capture(fko_srv_options_t *opts)
         case DLT_EN10MB:
             opts->data_link_offset = 14;
             break;
+        case DLT_LINUX_SLL:
+            opts->data_link_offset = 16;
+            break;
         case DLT_NULL:
             opts->data_link_offset = 4;
             break;
@@ -139,6 +142,7 @@ pcap_capture(fko_srv_options_t *opts)
             pcap_errcnt = 0;
             continue;
         }
+
         /* If there was an error, complain and go on (to an extent
          * before giving up).
         */

server/process_packet.c

@@ -66,6 +66,12 @@ process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header,
 
     unsigned short      pkt_len = packet_header->len;
 
+    /* This is a hack to determine if we are using the linux cooked
+     * interface.  We base it on the offset being 16 which is the
+     * value it would be if the datalink is DLT_LINUX_SLL.  I don't
+     * know if this is the correct way to do this, but it seems to work.
+    */
+    unsigned char       assume_cooked = (offset == 16 ? 1 : 0);
 
     /* Determine packet end.
     */
@@ -91,7 +97,7 @@ process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header,
     /* When using libpcap, pkthdr->len for 802.3 frames include CRC_LEN,
      * but Ethenet_II frames do not.
     */
-    if (eth_type > 1500)
+    if (eth_type > 1500 || assume_cooked == 1)
     {
         pkt_len += ETHER_CRC_LEN;
 
@@ -124,7 +130,6 @@ process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header,
     if (ip_hdr_words < MIN_IPV4_WORDS)
         return;
 
-
     /* Now, find the packet data payload (depending on IPPROTO).
     */
     src_ip  = iph_p->saddr;