[Snort-devel] DLT_I4L_CISCOHDLC

Stephen Donnelly stephen at ...1784...
Thu Jan 16 17:46:04 EST 2003


Hi,

I've been working on Snort for use with SONET interfaces recently, and was 
curious about DLT_I4L_CISCOHDLC. Can anyone tell me where this is defined, or 
where it comes from?

bpf.h on my Linux box currently defines DLT_C_HDLC as type 104, and suggests 
that back as far as libpcap 0.5 the type was called DLT_CHDLC. Is there some 
reason that Snort uses this I4L code rather than the 'standard' libpcap types?

It also seems that DecodeI4LCiscoIPPkt() hardcodes offsets and calls DecodeIP() 
only, rather than considering ARP or other packet types.

Thanks,
Stephen.
-- 
-----------------------------------------------------------------------
     Stephen Donnelly BCMS PhD           email: sfd at ...1784...
     Endace Technology Ltd   	        phone: +64 7 839 0540
     Hamilton, New Zealand               cell:  +64 21 1104378
-----------------------------------------------------------------------





More information about the Snort-devel mailing list