tcpdump mailing list archives

Re: Request for a DLT value (for nflog)


From: Guy Harris <guy () alum mit edu>
Date: Mon, 20 Jun 2011 11:46:50 -0700


On Jun 20, 2011, at 3:21 AM, Jakub Zawadzki wrote:

After which follow any number of TLVs.

(Structure From <linux/netfilter/nfnetlink_compat.h> header)

struct nfattr {
 uint16_t nfa_len;   /** length, including 4 bytes of header, host-order **/
 uint16_t nfa_type;  /* we use 15 bits for the type, and the highest
                      * bit to indicate whether the payload is nested */
                     /** type, host-order */

 /** uint8_t nfa_data[nfattr.nfa_len-4] **/
};

Known types are defined in enum nfulnl_attr_type (<linux/netfilter/nfnetlink_log.h>)

Some of these include:
 - NFULA_PAYLOAD=0x9 /* opaque data payload */
   /** nfgen_family payload **/
 - NFULA_PREFIX=0xa /* string prefix */
   /** prefix (from --nflog-prefix) NUL-terminated */
 - NFULA_UID=0xb /* user id of socket */
   /** 4B in BE */
 - NFULA_GID=0xe /* group id of socket */
   /** 4B in BE */
 ...

And is there any packet data in there?  For example, is that what's in NFULA_PAYLOAD TLVs?
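A bounds-checked walk over the TLV layout described in this message, as an added example that is not part of the original thread and not libpcap or kernel code. `nflog_info`, `nflog_walk` and `put_tlv` are hypothetical names; the buffer is assumed to start at the first TLV, and attributes are assumed to be padded to 4-byte boundaries.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define NFA_HDRLEN 4u      /* nfa_len + nfa_type */
#define NFA_NEST   0x8000u /* high bit of nfa_type marks a nested payload */
enum { NFULA_PAYLOAD = 0x9, NFULA_PREFIX = 0xa, NFULA_UID = 0xb };
struct nflog_info {        /* hypothetical result holder for this example */
    const uint8_t *payload; size_t payload_len;
    const char *prefix; uint32_t uid; int have_uid;
};

/* Walk the TLVs in buf[0..len); return the TLV count, or -1 if malformed. */
int nflog_walk(const uint8_t *buf, size_t len, struct nflog_info *out)
{
    size_t off = 0; int n = 0;
    memset(out, 0, sizeof *out);
    while (len - off >= NFA_HDRLEN) {
        uint16_t alen, atype;
        memcpy(&alen, buf + off, 2);       /* host order, unaligned-safe */
        memcpy(&atype, buf + off + 2, 2);
        if (alen < NFA_HDRLEN || alen > len - off) return -1; /* bad length */
        const uint8_t *d = buf + off + NFA_HDRLEN;
        size_t dlen = alen - NFA_HDRLEN;
        switch (atype & ~NFA_NEST) {       /* low 15 bits carry the type */
        case NFULA_PAYLOAD: out->payload = d; out->payload_len = dlen; break;
        case NFULA_PREFIX:                 /* must be NUL-terminated */
            if (dlen == 0 || d[dlen - 1] != '\0') return -1;
            out->prefix = (const char *)d; break;
        case NFULA_UID:                    /* 4 bytes, big-endian */
            if (dlen != 4) return -1;
            out->uid = (uint32_t)d[0] << 24 | (uint32_t)d[1] << 16 | (uint32_t)d[2] << 8 | d[3];
            out->have_uid = 1; break;
        }
        n++;
        size_t step = ((size_t)alen + 3) & ~(size_t)3; /* assumed 4-byte padding */
        if (step > len - off) break;       /* final TLV without padding */
        off += step;
    }
    return n;
}

/* Builds one constructed sample TLV in host order; returns the next offset. */
size_t put_tlv(uint8_t *b, size_t off, uint16_t type, const void *d, uint16_t dlen)
{
    uint16_t alen = (uint16_t)(NFA_HDRLEN + dlen);
    memcpy(b + off, &alen, 2); memcpy(b + off + 2, &type, 2);
    memcpy(b + off + NFA_HDRLEN, d, dlen);
    return off + ((alen + 3u) & ~3u);
}
```

The caller zeroes the buffer before `put_tlv` so padding bytes are defined; `nflog_walk` rejects any `nfa_len` smaller than the header or larger than the bytes remaining, which is the check that matters when the TLVs come from an untrusted capture file.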

