Project

General

Profile

Actions

Bug #6954

open

eve: packet field packet_info.linktype is non-portable

Added by Victor Julien 7 months ago. Updated 2 months ago.

Status:
In Review
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

This field holds a numeric representation of the linktype/datalink, but this number can differ between operating systems. Most notably DLT_RAW is has value 12 on linux and 14 on OpenBSD.

It would probably be best to use a string representation. Following capinfos might make sense:

File encapsulation:  Raw IP

Interface #0 info:
                     Encapsulation = Raw IP (7 - rawip)

Could do "Raw IP" or follow the "rawip" notation.

Regardless this should be in a new field.

Actions

Also available in: Atom PDF