[543] in linux-net channel archive
How to hook PPP frames into tcpdump?
daemon@ATHENA.MIT.EDU (Al Longyear)
Mon Jun 19 18:18:29 1995
Date: Mon, 19 Jun 1995 14:04:46 -0700
To: linux-net@vger.rutgers.edu
From: Al Longyear <longyear@netcom.com>
I would like to use tcpdump to display the non-IP frames for the PPP link.
At the present time these frames can not be displayed because the protocol
that the daemon uses to communicate them to the driver bypasses the
networking layer completely. The daemon simply writes to the tty device and
the ppp driver intercepts the write.
Likewise, non-IP frames are given to the pending read operation from the
daemon to the tty driver.
So, what I would like to do is to somehow permit the frames to be read by
tcpdump. I have scoured the kernel source and, for the life of me, can not
find the hook that tcpdump uses to access the frames passing through the
networking system.
The best solution is to still allow the daemon to talk to the driver via the
tty channel but the driver to package up a copy of the buffer into a skb
block and deliver it to the raw device. I just can't find the proper
procedure to do this.
Does anyone have any clues that they can offer me on where I may look or
what procedure to call with the skb pointer so that the frames may be given
to the tcpdump program?
I know that it is in the kernel somewhere. I just can't seem to find the
proper procedure to handle tcpdump's sock_raw processing.
Many thanks.
--
Al Longyear longyear@netcom.com longyear@sii.com
The public pgp 2.6 key is available by fingering longyear@netcom.com.
