[544] in linux-net channel archive
Re: How to hook PPP frames into tcpdump?
daemon@ATHENA.MIT.EDU (Michael Callahan)
Mon Jun 19 20:55:27 1995
Date: Tue, 20 Jun 1995 01:03:40 +0100 (BST)
From: Michael Callahan <callahan@maths.ox.ac.uk>
To: Al Longyear <longyear@netcom.com>
cc: linux-net@vger.rutgers.edu
In-Reply-To: <199506192104.OAA00720@sii-9-1.sii.com>
On Mon, 19 Jun 1995, Al Longyear wrote:
> I have scoured the kernel source and, for the life of me, can not
> find the hook that tcpdump uses to access the frames passing through the
> networking system.
Hi Al,
The code you want to look at is the two loops in net/inet/dev.c which
loop through the packet_type linked list starting at ptype_base.
You need a loop like that, forwarding your PPP-link-layer skbuff to any
packet_type entry with ptype->type == htons(ETH_P_ALL). (You do need a
loop here: if there are multiple tcpdump's running simultaneously, then
they will each have a separate entry in the ptype_base linked list.)
packet.c contains the code that actually handles forwarding the packets
up to the tcpdump process.
I hope this is helpful. Two issues I don't understand are:
1) what skb->len should be when you call the ptype->func function
2) how the PPP framing is disentangled by tcpdump, which I assume expects
to get packets with ethernet framing
Michael
