Argus, libpcap and ppp.
Yotam Rubin
yotam at makif.omer.k12.il
Wed Nov 7 16:52:43 EST 2001
On Wed, Nov 07, 2001 at 08:59:37PM +0200, Yotam Rubin wrote:
> Greetings,
>
> I recently received a bug report against argus indicating that argus
> does not handle ppp. Evidently, pcap_datalink() in ArgusInitSource() returns
> DLT_RAW even when handling a ppp interface. DLT_RAW is not supported, thus
> causing argus to exit. I confirmed this libpcap behavior outside argus.
> I'm using Debian's libpcap 0.6.2. I want to discuss the problem here prior
> to migrating the discussion to some libpcap related mailing list.
> Any ideas? BTW, the problem can be worked around by exchanging DLT_RAW's
> and DLT_PPP values in include/net/bpf.h, provided that you do not recompile
> libpcap using the modified header files. Am I doing something wrong or what?
The problem is in libpcap. The subroutine responsible for mapping Linux
interface types to DLT interface types is mapping ARPHRD_PPP to DLT_RAW.
I have no insight as to why this is done. I'll inquire the tcpdump
mailing list.
Regards, Yotam Rubin
>
> Regards, Yotam Rubin
More information about the argus
mailing list