From 8fe360f1e310a78e73f46dbd8eceb844c894f8fc Mon Sep 17 00:00:00 2001 From: Tom Piscitell Date: Sun, 27 Apr 2014 13:37:45 -0400 Subject: [PATCH 1/6] switch to github for submodules --- .gitmodules | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.gitmodules b/.gitmodules index 4998cc6b805..58e696a3f2d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,21 +1,21 @@ [submodule "aux/bro-aux"] path = aux/bro-aux - url = git://git.bro.org/bro-aux + url = https://github.com/bro/bro-aux.git [submodule "aux/binpac"] path = aux/binpac - url = git://git.bro.org/binpac + url = https://github.com/bro/binpac.git [submodule "aux/broccoli"] path = aux/broccoli - url = git://git.bro.org/broccoli + url = https://github.com/bro/broccoli.git [submodule "aux/broctl"] path = aux/broctl - url = git://git.bro.org/broctl + url = https://github.com/bro/broctl.git [submodule "aux/btest"] path = aux/btest - url = git://git.bro.org/btest + url = https://github.com/bro/btest.git [submodule "cmake"] path = cmake - url = git://git.bro.org/cmake + url = https://github.com/bro/cmake.git [submodule "src/3rdparty"] path = src/3rdparty - url = git://git.bro.org/bro-3rdparty + url = https://github.com/bro/bro-3rdparty.git From 897a47f0b0770135b32a6a6d1338840f29fbe52b Mon Sep 17 00:00:00 2001 From: Tom Piscitell Date: Sun, 27 Apr 2014 14:40:59 -0400 Subject: [PATCH 2/6] Revert "switch to github for submodules" This reverts commit 8fe360f1e310a78e73f46dbd8eceb844c894f8fc. In hindsight, this was a dumb idea... --- .gitmodules | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.gitmodules b/.gitmodules index 58e696a3f2d..4998cc6b805 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,21 +1,21 @@ [submodule "aux/bro-aux"] path = aux/bro-aux - url = https://github.com/bro/bro-aux.git + url = git://git.bro.org/bro-aux [submodule "aux/binpac"] path = aux/binpac - url = https://github.com/bro/binpac.git + url = git://git.bro.org/binpac [submodule "aux/broccoli"] path = aux/broccoli - url = https://github.com/bro/broccoli.git + url = git://git.bro.org/broccoli [submodule "aux/broctl"] path = aux/broctl - url = https://github.com/bro/broctl.git + url = git://git.bro.org/broctl [submodule "aux/btest"] path = aux/btest - url = https://github.com/bro/btest.git + url = git://git.bro.org/btest [submodule "cmake"] path = cmake - url = https://github.com/bro/cmake.git + url = git://git.bro.org/cmake [submodule "src/3rdparty"] path = src/3rdparty - url = https://github.com/bro/bro-3rdparty.git + url = git://git.bro.org/bro-3rdparty From efff8d4e4ce87a682f7ec0320438948b64ba4ee5 Mon Sep 17 00:00:00 2001 From: Tom DeCanio Date: Mon, 8 Apr 2013 10:52:38 -0700 Subject: [PATCH 3/6] Napatech 3G support Conflicts: configure src/PktSrc.cc --- CMakeLists.txt | 10 +++++ config.h.in | 3 ++ configure | 4 ++ src/IOSource.cc | 56 ++++++++++++++++++++--- src/IOSource.h | 10 +++++ src/Net.cc | 7 ++- src/PktSrc.cc | 116 ++++++++++++++++++++++++++++++++++++++++++++++-- src/PktSrc.h | 19 +++++++- 8 files changed, 214 insertions(+), 11 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 87b99271c5e..91f3528f009 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -82,6 +82,16 @@ include_directories(BEFORE # Optional Dependencies +set(HAVE_NAPATECH_3GD false) +find_package(NAPATECH) +if (NAPATECH_FOUND) + set(HAVE_NAPATECH_3GD true) + set(CMAKE_REQUIRED_INCLUDES ${NAPATECH_INCLUDE}) + set(CMAKE_REQUIRED_LIBRARIES ${NAPATECH_LIBRARY}) + include_directories(BEFORE ${NAPATECH_INCLUDE}) + list(APPEND OPTLIBS ${NAPATECH_LIBRARY}) +endif () + set(USE_GEOIP false) find_package(LibGeoIP) if (LIBGEOIP_FOUND) diff --git a/config.h.in b/config.h.in index 2d065f755ea..eff97557efc 100644 --- a/config.h.in +++ b/config.h.in @@ -41,6 +41,9 @@ /* line editing & history powers */ #cmakedefine HAVE_READLINE +/* Define if you have napatech drivers installed */ +#cmakedefine HAVE_NAPATECH_3GD + /* Define if you have the `sigaction' function, but not `sigset'. */ #cmakedefine HAVE_SIGACTION diff --git a/configure b/configure index 5af2f25c8fc..ec2b9aaa7c0 100755 --- a/configure +++ b/configure @@ -66,6 +66,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --with-dataseries=PATH path to DataSeries and Lintel libraries --with-xml2=PATH path to libxml2 installation (for DataSeries) --with-curl=PATH path to libcurl install root (for ElasticSearch) + --with-napaetch=PATH path to napatech installation Packaging Options (for developers): --binary-package toggle special logic for binary packaging @@ -257,6 +258,9 @@ while [ $# -ne 0 ]; do --with-curl=*) append_cache_entry LibCURL_ROOT_DIR PATH $optarg ;; + --with-napatech=*) + append_cache_entry NAPATECH_ROOT_DIR PATH $optarg + ;; --binary-package) append_cache_entry BINARY_PACKAGING_MODE BOOL true ;; diff --git a/src/IOSource.cc b/src/IOSource.cc index d47007caad1..aff988b3ead 100644 --- a/src/IOSource.cc +++ b/src/IOSource.cc @@ -26,6 +26,27 @@ void IOSourceRegistry::RemoveAll() IOSource* IOSourceRegistry::FindSoonest(double* ts) { + + IOSource* soonest_src = 0; + double soonest_ts = 1e20; + double soonest_local_network_time = 1e20; +#ifdef HAVE_NAPATECH_3GD + if (napatech_iosrc) + { + double local_network_time = 0; + double ts1 = napatech_iosrc->NextTimestamp(&local_network_time); + if ( ts1 > 0 && ts1 < soonest_ts ) + { + soonest_ts = ts1; + soonest_src = napatech_iosrc; + soonest_local_network_time = + local_network_time ? + local_network_time : ts1; + *ts = soonest_local_network_time; + return soonest_src; + } + } +#endif // Remove sources which have gone dry. For simplicity, we only // remove at most one each time. for ( SourceList::iterator i = sources.begin(); @@ -45,15 +66,18 @@ IOSource* IOSourceRegistry::FindSoonest(double* ts) ++call_count; - IOSource* soonest_src = 0; - double soonest_ts = 1e20; - double soonest_local_network_time = 1e20; bool all_idle = true; // Find soonest source of those which tell us they have something to // process. for ( SourceList::iterator i = sources.begin(); i != sources.end(); ++i ) { +#ifdef HAVE_NAPATECH_3GD + if ( (*i)->src == napatech_iosrc ) + { + continue; + } +#endif if ( ! (*i)->src->IsIdle() ) { all_idle = false; @@ -89,6 +113,12 @@ IOSource* IOSourceRegistry::FindSoonest(double* ts) { Source* src = (*i); +#ifdef HAVE_NAPATECH_3GD + if ( src->src == napatech_iosrc ) + { + continue; + } +#endif if ( ! src->src->IsIdle() ) // No need to select on sources which we know to // be ready. @@ -139,6 +169,12 @@ IOSource* IOSourceRegistry::FindSoonest(double* ts) i != sources.end(); ++i ) { Source* src = (*i); +#ifdef HAVE_NAPATECH_3GD + if ( src->src == napatech_iosrc ) + { + continue; + } +#endif if ( ! src->src->IsIdle() ) continue; @@ -166,11 +202,21 @@ IOSource* IOSourceRegistry::FindSoonest(double* ts) return soonest_src; } +#ifdef HAVE_NAPATECH_3GD +void IOSourceRegistry::RegisterNapatech(IOSource* src) + { + napatech_iosrc = src; + Source* s = new Source; + s->src = src; + return sources.push_back(s); + } +#endif + void IOSourceRegistry::Register(IOSource* src, bool dont_count) { - Source* s = new Source; - s->src = src; if ( dont_count ) ++dont_counts; + Source* s = new Source; + s->src = src; return sources.push_back(s); } diff --git a/src/IOSource.h b/src/IOSource.h index db50bbd2a94..2d05ba77823 100644 --- a/src/IOSource.h +++ b/src/IOSource.h @@ -55,7 +55,11 @@ class IOSource { class IOSourceRegistry { public: +#ifdef HAVE_NAPATECH_3GD + IOSourceRegistry() { napatech_iosrc=0; call_count = 0; dont_counts = 0; } +#else IOSourceRegistry() { call_count = 0; dont_counts = 0; } +#endif ~IOSourceRegistry(); // If dont_count is true, this source does not contribute to the @@ -64,6 +68,9 @@ class IOSourceRegistry { // processing will shut down. void Register(IOSource* src, bool dont_count = false); +#ifdef HAVE_NAPATECH_3GD + void RegisterNapatech(IOSource* src); +#endif // This may block for some time. IOSource* FindSoonest(double* ts); @@ -96,6 +103,9 @@ class IOSourceRegistry { typedef list SourceList; SourceList sources; +#ifdef HAVE_NAPATECH_3GD + IOSource* napatech_iosrc; +#endif }; extern IOSourceRegistry io_sources; diff --git a/src/Net.cc b/src/Net.cc index bca640b5d2d..8f59b4c0287 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -218,7 +218,12 @@ void net_init(name_list& interfaces, name_list& readfiles, else { pkt_srcs.append(ps); - io_sources.Register(ps); +#ifdef HAVE_NAPATECH_3GD + if (ps->IsNapatech()) + io_sources.RegisterNapatech(ps); + else +#endif + io_sources.Register(ps); } if ( secondary_filter ) diff --git a/src/PktSrc.cc b/src/PktSrc.cc index b5ac3a5d690..7bf998034ab 100644 --- a/src/PktSrc.cc +++ b/src/PktSrc.cc @@ -2,6 +2,9 @@ #include #include +#ifdef HAVE_NAPATECH_3GD +#include +#endif #include "config.h" @@ -27,7 +30,11 @@ PktSrc::PktSrc() netmask = 0xffffff00; pd = 0; idle = false; - +#ifdef HAVE_NAPATECH_3GD + napatech_stream=0; + napatech_buffer=0; + napatech_stream_number=0; +#endif next_sync_point = 0; first_timestamp = current_timestamp = next_timestamp = 0.0; first_wallclock = current_wallclock = 0; @@ -74,7 +81,50 @@ int PktSrc::ExtractNextPacket() idle = true; return 0; } +#ifdef HAVE_NAPATECH_3GD + if (napatech_stream) + { + if (last_data) + { + int status = NT_NetRxRelease(napatech_stream, napatech_buffer); + if (status != NT_SUCCESS) + { + NT_ExplainError(status, errbuf, sizeof(errbuf)); + return 0; + } + } + data = last_data = 0; + if (NT_NetRxGet(napatech_stream, &napatech_buffer, 0) == NT_SUCCESS) + { + + if ( NT_NET_GET_PKT_DESCRIPTOR_TYPE(napatech_buffer)==NT_PACKET_DESCRIPTOR_TYPE_NT) + { + uint64_t unixTime = (uint64_t)NT_NET_GET_PKT_TIMESTAMP(napatech_buffer); + data = last_data = (u_char*) NT_NET_GET_PKT_L2_PTR(napatech_buffer); + hdr.caplen = NT_NET_GET_PKT_CAP_LENGTH(napatech_buffer); + hdr.len = NT_NET_GET_PKT_WIRE_LENGTH(napatech_buffer); + /* + * gettimeofday(&hdr.ts, NULL); + */ + hdr.ts.tv_sec = (unixTime / 100000000); + hdr.ts.tv_usec = (unixTime % 100000000) * 10; + + /* debug packet dumper + printf("Got a packet %d %d\n", hdr.caplen, hdr.len); + unsigned i; + for (i = 0; i < hdr.len; i++) + { + printf("%02x ", data[i]); + if (((i + 1) % 16) == 0) printf("\n"); + } + printf("\n"); + */ + } + } + } + else +#endif data = last_data = pcap_next(pd, &hdr); if ( data && (hdr.len == 0 || hdr.caplen == 0) ) @@ -341,6 +391,12 @@ bool PktSrc::GetCurrentPacket(const struct pcap_pkthdr** arg_hdr, int PktSrc::PrecompileFilter(int index, const char* filter) { +#ifdef HAVE_NAPATECH_3GD + if (napatech_stream) + { + return 1; + } +#endif // Compile filter. BPF_Program* code = new BPF_Program(); @@ -413,6 +469,17 @@ void PktSrc::SetHdrSize() void PktSrc::Close() { +#ifdef HAVE_NAPATECH_3GD + if (napatech_stream) + { + NT_NetRxClose(napatech_stream); + napatech_stream = 0; + napatech_stream_number = 0; + closed = true; + reporter->Info("closed Napatech stream %i\n", napatech_stream_number); + } + else +#endif if ( pd ) { pcap_close(pd); @@ -448,6 +515,14 @@ void PktSrc::Statistics(Stats* s) if ( reading_traces ) s->received = s->dropped = s->link = 0; +#ifdef HAVE_NAPATECH_3GD + else if (napatech_stream) + { + //TODO finish + s->received = stats.received; + s->dropped = s->link = 0; + } +#endif else { struct pcap_stat pstat; @@ -489,9 +564,35 @@ PktInterfaceSrc::PktInterfaceSrc(const char* arg_interface, const char* filter, } interface = copy_string(arg_interface); - - // Determine network and netmask. uint32 net; + +#ifdef HAVE_NAPATECH_3GD + if ( strlen (interface)==3 && interface[0]=='n' && interface[1]=='t') + { + int status = NT_Init(NTAPI_VERSION); + if (status != NT_SUCCESS) + { + NT_ExplainError(status, errbuf, sizeof(errbuf)); + closed = true; + } + napatech_stream_number = atoi ((const char *)&interface[2]); + + char streamName [64]; + safe_snprintf (streamName, sizeof (streamName),"bro%u", napatech_stream_number+1); + status = NT_NetRxOpen(&napatech_stream, streamName, NT_NET_INTERFACE_PACKET, napatech_stream_number, -1); + if (status != NT_SUCCESS) + { + NT_ExplainError(status, errbuf, sizeof(errbuf)); + closed = true; + } + reporter->Info("opened Napatech stream %i\n", napatech_stream_number); + //SetHdrSize(); + datalink = DLT_EN10MB; + return; + } + else +#endif + // Determine network and netmask. if ( pcap_lookupnet(interface, &net, &netmask, tmp_errbuf) < 0 ) { // ### The lookup can fail if no address is assigned to @@ -669,8 +770,14 @@ PktDumper::PktDumper(const char* arg_filename, bool arg_append) if ( linktype < 0 ) linktype = DLT_EN10MB; +//#ifdef HAVE_NAPATECH_3GD +// linktype = DLT_EN10MB; +//#endif + pd = pcap_open_dead(linktype, snaplen); - if ( ! pd ) + //pd = pcap_open_dead(linktype, 8192); + + if ( ! pd ) { Error("error for pcap_open_dead"); return; @@ -802,3 +909,4 @@ int get_link_header_size(int dl) return -1; } + diff --git a/src/PktSrc.h b/src/PktSrc.h index 70eef4dd00e..48ed4ab84cb 100644 --- a/src/PktSrc.h +++ b/src/PktSrc.h @@ -15,6 +15,10 @@ extern "C" { #include } +#ifdef HAVE_NAPATECH_3GD +#include +#endif + declare(PDict,BPF_Program); // Whether a PktSrc object is used by the normal filter structure or the @@ -116,9 +120,17 @@ class PktSrc : public IOSource { void ConsumePacket() { data = 0; } int IsLive() const { return interface != 0; } - +#ifdef HAVE_NAPATECH_3GD + int IsNapatech() const { return napatech_stream != 0; } +#endif pcap_t* PcapHandle() const { return pd; } +#ifndef HAVE_NAPATECH_3GD int LinkType() const { return pcap_datalink(pd); } +#else + int LinkType() const { return ((napatech_stream == 0) ? + pcap_datalink(pd) : + DLT_EN10MB); } +#endif const char* ReadFile() const { return readfile; } const char* Interface() const { return interface; } @@ -187,6 +199,11 @@ class PktSrc : public IOSource { char* interface; // nil if not reading from an interface char* readfile; // nil if not reading from a file +#ifdef HAVE_NAPATECH_3GD + int napatech_stream_number; + NtNetStreamRx_t napatech_stream; + NtNetBuf_t napatech_buffer; +#endif pcap_t* pd; int selectable_fd; uint32 netmask; From b0f67619f6ea27a72c4cf2a70be59a7a77fac9a3 Mon Sep 17 00:00:00 2001 From: Tom DeCanio Date: Mon, 15 Apr 2013 08:55:20 -0700 Subject: [PATCH 4/6] Add brief NAPATECH.txt doc --- NAPATECH.txt | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 NAPATECH.txt diff --git a/NAPATECH.txt b/NAPATECH.txt new file mode 100644 index 00000000000..8a33d8f658e --- /dev/null +++ b/NAPATECH.txt @@ -0,0 +1,90 @@ +This contains support for Napatech adaptors using the Napatech 3GD drivers. + +To build Bro with Napatech adaptor support enabled do the following: + +./configure --with-napatech=/opt/napatech3/ +make +make install + +You may replace /opt/napatech3/ with the location where you've installed the +Napatech drivers. + +Other configuration options may be added to the configure line as well. + +Bro uses the Napatech NTPL to configure traffic balancing of packets across +Napatech streams as follows. + +Create a file similar to bro.ntpl below to set the adaptor's load balancing +options similar to the following. + +brobox:~$ cat bro.ntpl +HashMode[Priority = 0; Layer4Type = UDP, TCP, SCTP] = Hash5TupleSorted +HashMode[Priority = 1; Layer3Type = IPV4] = Hash2TupleSorted +Assign[StreamId=(0..3)] = All + +Prior to invoking Bro, install the NTPL configuration as follows. + +brobox:~$ /opt/napatech3/bin/ntpl -f bro.ntpl + +Modify your node.cfg file to match the load balancing performed by the Napatech +adaptor as directed by the NTPL configuration show above. + +The following example node.cfg file attaches the four Napatech streams created +above to four bro workers. + +You'll need to modify the example 10.1.1.10 IP address used below for your own +environment. + +# Example BroControl node configuration. +# +# This example has a standalone node ready to go except for possibly changing +# the sniffing interface. + +# This is a complete standalone configuration. Most likely you will +# only need to change the interface. +#[bro] +#type=standalone +#host=localhost +#interface=nt0 + +## Below is an example clustered configuration. If you use this, +## remove the [bro] node above. + +[manager] +type=manager +host=10.1.1.10 +# +[proxy-1] +type=proxy +host=10.1.1.10 +# +[worker-1] +type=worker +host=10.1.1.10 +interface=nt0 +# +[worker-2] +type=worker +host=10.1.1.10 +interface=nt1 +# +[worker-3] +type=worker +host=10.1.1.10 +interface=nt2 +# +[worker-4] +type=worker +host=10.1.1.10 +interface=nt3 + +Interfaces nt0, nt1, nt2 and nt3 correspond to the four Napatech streams +created by the Napatech NTPL. + +The configuration above can be a managed with broctl as follows: + +broctl install +broctl start + +You may modify bro.ntpl and node.cfg for alternative load balancing options +for fewer or more workers. From 20468d133b40ccd9554b8f02c6268d44d2178f15 Mon Sep 17 00:00:00 2001 From: Tom DeCanio Date: Mon, 13 May 2013 21:52:59 -0400 Subject: [PATCH 5/6] Fix >9 Napatech streams --- src/PktSrc.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PktSrc.cc b/src/PktSrc.cc index 7bf998034ab..58a1579d875 100644 --- a/src/PktSrc.cc +++ b/src/PktSrc.cc @@ -567,7 +567,7 @@ PktInterfaceSrc::PktInterfaceSrc(const char* arg_interface, const char* filter, uint32 net; #ifdef HAVE_NAPATECH_3GD - if ( strlen (interface)==3 && interface[0]=='n' && interface[1]=='t') + if ( strlen (interface)>=3 && interface[0]=='n' && interface[1]=='t') { int status = NT_Init(NTAPI_VERSION); if (status != NT_SUCCESS) From e57568ca76ce7c23d4beccf86941383fe04497ab Mon Sep 17 00:00:00 2001 From: Tom Piscitell Date: Mon, 5 May 2014 13:05:49 -0400 Subject: [PATCH 6/6] Working Napatech support -Set packet header size correctly when using Napatech -Set caplen == wirelen since there is no "snaplen" concept with Napatech -Clarify tested Napatech packet header type in NAPATECH.txt --- NAPATECH.txt | 4 ++++ src/PktSrc.cc | 41 ++++++++++++++++++++++++----------------- 2 files changed, 28 insertions(+), 17 deletions(-) diff --git a/NAPATECH.txt b/NAPATECH.txt index 8a33d8f658e..1281902b94b 100644 --- a/NAPATECH.txt +++ b/NAPATECH.txt @@ -14,6 +14,10 @@ Other configuration options may be added to the configure line as well. Bro uses the Napatech NTPL to configure traffic balancing of packets across Napatech streams as follows. +Currently Bro only support Unix style timestamps and the NT Packet Descriptor, +the other types (Ext7, Ext8, etc..) have not been tested and results will be +unpredictable at best. + Create a file similar to bro.ntpl below to set the adaptor's load balancing options similar to the following. diff --git a/src/PktSrc.cc b/src/PktSrc.cc index 58a1579d875..f40b94c26ed 100644 --- a/src/PktSrc.cc +++ b/src/PktSrc.cc @@ -89,7 +89,7 @@ int PktSrc::ExtractNextPacket() int status = NT_NetRxRelease(napatech_stream, napatech_buffer); if (status != NT_SUCCESS) { - NT_ExplainError(status, errbuf, sizeof(errbuf)); + NT_ExplainError(status, errbuf, sizeof(errbuf)); return 0; } } @@ -98,29 +98,26 @@ int PktSrc::ExtractNextPacket() if (NT_NetRxGet(napatech_stream, &napatech_buffer, 0) == NT_SUCCESS) { - if ( NT_NET_GET_PKT_DESCRIPTOR_TYPE(napatech_buffer)==NT_PACKET_DESCRIPTOR_TYPE_NT) + if ( NT_NET_GET_PKT_DESCRIPTOR_TYPE(napatech_buffer) == NT_PACKET_DESCRIPTOR_TYPE_NT) { - uint64_t unixTime = (uint64_t)NT_NET_GET_PKT_TIMESTAMP(napatech_buffer); - data = last_data = (u_char*) NT_NET_GET_PKT_L2_PTR(napatech_buffer); - hdr.caplen = NT_NET_GET_PKT_CAP_LENGTH(napatech_buffer); - hdr.len = NT_NET_GET_PKT_WIRE_LENGTH(napatech_buffer); - /* - * gettimeofday(&hdr.ts, NULL); - */ - hdr.ts.tv_sec = (unixTime / 100000000); - hdr.ts.tv_usec = (unixTime % 100000000) * 10; - - /* debug packet dumper + uint64_t unixTime = (uint64_t)NT_NET_GET_PKT_TIMESTAMP(napatech_buffer); + data = last_data = (u_char*) NT_NET_GET_PKT_L2_PTR(napatech_buffer); + hdr.caplen = hdr.len = NT_NET_GET_PKT_WIRE_LENGTH(napatech_buffer); + hdr.ts.tv_sec = (unixTime / 100000000); + hdr.ts.tv_usec = (unixTime % 100000000) * 10; + + /* debug packet dumper printf("Got a packet %d %d\n", hdr.caplen, hdr.len); unsigned i; for (i = 0; i < hdr.len; i++) { - printf("%02x ", data[i]); + printf("%02x", data[i]); + if (i % 2 == 1) printf(" "); if (((i + 1) % 16) == 0) printf("\n"); } printf("\n"); */ - } + } } } else @@ -454,7 +451,17 @@ int PktSrc::SetFilter(int index) void PktSrc::SetHdrSize() { - int dl = pcap_datalink(pd); +#ifdef HAVE_NAPATECH_3GD + int dl; + if (napatech_stream) { + dl = DLT_EN10MB; + } + else { + dl = pcap_datalink(pd); + } +#else + int dl = pcap_datalink(pd); +#endif hdr_size = get_link_header_size(dl); if ( hdr_size < 0 ) @@ -586,7 +593,7 @@ PktInterfaceSrc::PktInterfaceSrc(const char* arg_interface, const char* filter, closed = true; } reporter->Info("opened Napatech stream %i\n", napatech_stream_number); - //SetHdrSize(); + SetHdrSize(); datalink = DLT_EN10MB; return; }