On Tue, Mar 12, 2013 at 7:21 PM, Roman Timofeev <cryptoloop@xxxxxxxxx> wrote: > Why use separate tool? > > to generate bpf-program dlt-raw header, you can use this trick here: > > 1. modprobe ipip > 2. root@wks0:~# tcpdump -i tunl0 -ddd 'udp' Cool. I wasn't aware of that trick. Still, it requires inserting a module and a tunnel. I also had to explicitly set the link status to up to get this to work. A separate tool without these dependencies and hoops may be useful. > tcpdump: WARNING: tunl0: no IPv4 address assigned > 15 > 48 0 0 0 > 84 0 0 240 > 21 0 5 96 > 48 0 0 6 > 21 8 0 17 > 21 0 8 44 > 48 0 0 40 > 21 5 6 17 > 48 0 0 0 > 84 0 0 240 > 21 0 3 64 > 48 0 0 9 > 21 0 1 17 > 6 0 0 65535 > 6 0 0 0 > > > this equal to generated by bpf_compile: > > root@wks0:~# ./bpf_compile RAW 'udp' > Using datalinktype RAW > 15 > 48 0 0 0 > 84 0 0 240 > 21 0 5 96 > 48 0 0 6 > 21 8 0 17 > 21 0 8 44 > 48 0 0 40 > 21 5 6 17 > 48 0 0 0 > 84 0 0 240 > 21 0 3 64 > 48 0 0 9 > 21 0 1 17 > 6 0 0 65535 > 6 0 0 0 > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
