[Bug 969] New: Include L2 information in PCAP output

Thu Aug 14 10:11:02 CEST 2014

https://bugzilla.netfilter.org/show_bug.cgi?id=969

           Summary: Include L2 information in PCAP output
           Product: ulogd
           Version: SVN (please provide timestamp)
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ulogd
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: anjonms at gmx.com
   Estimated Hours: 0.0

Hello,

I have been trying to parse PCAP files generated by the latest version of
ULOGD2 with PacketQ (https://github.com/dotse/packetq), without success.

sbin/ulogd -V 
ulogd Version 2.0.4
(C) 2000-2006 Harald Welte <laforge at netfilter.org>
(C) 2008-2012 Pablo Neira Ayuso <pablo at netfilter.org>
(C) 2008-2012 Eric Leblond <eric at regit.org>

PacketQ needs link-layer information to be present in the PCAP file to be able
to parse it correctly.

After a quick search, I found the following discussion on your mailing list :

http://marc.info/?l=netfilter&m=140625326302696&w=2

Since I did not find an opened ticket regarding this, I figured I'd create one.

"Another solution would be to add an options forcing the layer2 type for all
logged packets of given pcap output. This would allow to use kernel provided
layer2 information and write fully qualified packets for encapsulation like
Ethernet."

This solution would be enough for my needs !

Thanks.

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.