Add support for reading capture files from programs using Alexey
Kuznetzov's patched version of libpcap; we ignore the additional fields
it adds to the per-packet header. Red Hat Linux 6.2 uses that patched
version, and some other Linux distributions might do so as well.
(This won't handle an early version of his patch, which changed the
per-packet header but didn't change the magic number; that early version
appears in Red Hat Linux 6.1.
Doing that requires a heuristic test, wherein we assume the file is
standard libpcap and try to read the first and second records, and, if
the header of the second record looks like garbage, assume that the file
came from that early version, and that we're therefore reading random
packet data when we think we're reading the header of the second packet.
As we don't then want to seek back to the first packet, because we want
to continue to allow libpcap-based programs such as tcpdump to read from
pipes, we'd have to buffer data from the file so that we can go back and
re-read it. I leave this for later.)
projects / libpcap / commit
