Ethereal-dev: Re: [ethereal-dev] Packet capture

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 25 Jan 2000 14:37:18 -0800 (PST)

> Wouldn't it be easier to turn on "kdebug" in pppd and write a little
> script to reformat the appropriate syslog entries for feeding into
> ethereal?

I don't think so - that procedure sounds *really* cumbersome and
kludgey; I fail to see why somebody who wants to see *all* the traffic
on a PPP line shouldn't simply be able to supply "pppN" to a
packet-capture program such as tcpdump or Ethereal.  If you don't want
to see all the traffic, supply a capture filter.

> These mod.s are really, really stretching the meaning of "packet
> socket".

As far as I'm concerned, anything that purports to be a mechanism for
raw packet capture for sniffing should supply all traffic and should
supply all headers, including the link-layer header, period, end of
discussion.

Unless a "packet socket" isn't intended for raw packet capture for
sniffing, those changes would merely cause PPP on Linux to behave the
way it should when listened to by a raw packet socket; if a packet
socket *isn't* intended for raw packet capture for sniffing, a mechanism
should be provided that *is* so intended.