On Wed, 28 Jul 1999, Guy Harris wrote:
> > And now I just patch a little to support Classical IP on a Linux box
> > but there's just few lines to add since sniffing on an CLIP ATM interface
> > brings you a beautifull IP packet and not more.
>
> Hmm. There's already a BPF data type for RFC 1483, which appears to
> leave an LLC/SNAP header on the packet; RFC 2225 "Classical IP and ARP
> over ATM" says that the default packet format for IP datagrams is RFC
> 1483 format.
>
> I guess the folks who did the classical IP support in your kernel chose
> a different way of doing SOCK_PACKET....
>
> Do you have a list of the link type codes on your Linux system?
>
> > So I just add, in packet.c, one case in the switch(link_layer_type) to
> > support it (LinkTypeCode is 19) and create packet-clip.c which is quite
> > exactly the same as packet-raw.c.
>
> I made a version of your patch that works with the current Ethereal CVS
> tree; the current Ethereal CVS tree uses the "wiretap" library to read
> capture files, so I had to add a new data link type to it, and code to
> translate the "libpcap" link type of 19 to that type; I'm tempted to
> call it WTAP_ENCAP_LINUX_ATM_CLIP or something, to make it clear that
> it's the Classical IP encapsulation that at least some Linux systems
> use, as distinct from WTAP_ENCAP_ATM_RFC1483 which is the one the
> standard "libpcap" does (probably from some flavor of BSD).
The ATM kernel code that does this came (at least in my case) from
http://lrcwww.epfl.ch/linux-atm , and was version 0.56 of the package.
It includes a patch to libpcap-0.4 source for capturing clip packets, and
those packets are returned as IP without any LLC header. The patch adds a
define to bpf/net/bpf.h:
#define DLT_ATM_CLIP 19 /* Classical-IP over ATM */
Keep in mind I'm not advocating this behavior-- im just providing the data
point. ;')
-jsj
