no VLAN support for data link type 12 about joy HOT 7 CLOSED

this error is coming from libpcap. As you can see here https://linux.die.net/man/7/pcap-linktype, libpcap does not support a link type of 12. I am curious, what kind of link layer do you believe the packets are using? Do you have the cap file of the data and can it be sent to us for examination?

from joy.

Actually, my pcap files are made of raw packets without link layers. I intuitively thought parsing raw IP packets would not be a problem. The cap file of the data is captured from TUN interface in a phone. It's OK to send you the file for examination. What I do concern is how to fix the problem. Any suggestions?

from joy.

Joy leverages the libpcap library to bring the packet information into the code base. Joy does not pull packets off the wire or read in raw data itself. In order to get Joy to process your raw packets, you are going to have to put some type of link layer data on it, so that a tool like libpcap can process and hand the data off to Joy.

Now, you could mess around with joy.c and have it read in the file as raw data and then modify a few of the routines (process_packet) to accept just an IP packet with no other information. I do not believe this would difficult at all. Process_packet takes in 3 parameters. The first parameter can be NULL. The second can be faked as it is the PCAP library header. The third parameter is a pointer to the actual data packet. If you take a look in process_packet, it should be pretty clear what you would need to do. Then you just need to modify joy.c to read and feed your data format.

This isn't something we support today. However, if you can figure out a elegant way to implement the code and not break the libpcap implementation, you could do a pull-request and we could look at merging in your changes for others to utilize.

from joy.

It's quite simple to modify process_packet() to feed raw IP packets. The previous problem is actually caused by calling pcap_compile() when reading a pcap file in process_pcap_file(). I don't see why pcap_compile() fails when feeding LINKTYPE_RAW files. So I had to delete the set-filter part in my code.

from joy.

Glad you found a workaround. If you could send along your diffs, we can take a look at them and see what we can incorporate into the repo. Thanks!

from joy.

closed per work around

from joy.

I have encounter the same problem for some loopback packets with just 0x20000000 flag in eth layer. Also i have to remove the set-filter part and process this flag in process_packet like:

uint32_t loopback_flag = htonl(*(const uint32_t *)(packet + 0));
if(loopback_flag == 0X02000000){...}

from joy.