Add link-layer header type for Linux vsock.

Linux 4.12 has the vsockmon kernel module for AF_VSOCK packet capture.
AF_VSOCK is used for host<->guest communication between a hypervisor and
virtual machines.  It is supported by VMware and KVM.

Traffic can be captured as follows:

  # modprobe vsockmon
  # ip link add type vsockmon
  # ip link set vsockmon0 up

diff --git a/pcap-linux.c b/pcap-linux.c
index 179fd348acfc652db5dc9d462e608cebcb853d10..34b08c01e8250e908194633c2536ff3581834679 100644 (file)
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -3306,6 +3306,13 @@ static void map_arphrd_to_dlt(pcap_t *handle, int sock_fd, int arptype,
                /* handlep->cooked = 1; */
                break;
 
+#ifndef ARPHRD_VSOCKMON
+#define ARPHRD_VSOCKMON        826
+#endif
+       case ARPHRD_VSOCKMON:
+               handle->linktype = DLT_VSOCK;
+               break;
+
        default:
                handle->linktype = -1;
                break;

diff --git a/pcap.c b/pcap.c
index bb5e648b192822ddea439f26ce191896d5bca9e9..b9ec322e983d5deab732694fab6164d535a3562e 100644 (file)
--- a/pcap.c
+++ b/pcap.c
@@ -2090,6 +2090,7 @@ static struct dlt_choice dlt_choices[] = {
        DLT_CHOICE(OPENFLOW, "OpenBSD DLT_OPENFLOW"),
        DLT_CHOICE(SDLC, "IBM SDLC frames"),
        DLT_CHOICE(TI_LLN_SNIFFER, "TI LLN sniffer frames"),
+       DLT_CHOICE(VSOCK, "Linux vsock"),
        DLT_CHOICE_SENTINEL
 };