Added Linux Cooked PCAP support as per Tajni's patch.

Removed the -u option. That was originally used during development to figure out what additional rtypes I needed to add support for. I could eventually add the support back in, but at this point it's not super useful.

dns_parse.c

@@ -31,10 +31,9 @@ int main(int argc, char **argv) {
     config conf;
 
     int c;
-    int print_type_freq = 0;
     int arg_failure = 0;
 
-    const char * OPTIONS = "cdfhm:MnurtD:x:s:S";
+    const char * OPTIONS = "cdfhlm:MnrtD:x:s:S";
 
     // Setting configuration defaults.
     uint8_t TCP_SAVE_STATE = 1;
@@ -44,6 +43,7 @@ int main(int argc, char **argv) {
     conf.SEP = '\t';
     conf.AD_ENABLED = 0;
     conf.NS_ENABLED = 0;
+    conf.LINUX_COOKED = 0;
     conf.PRETTY_DATE = 0;
     conf.PRINT_RR_NAME = 0;
     conf.MISSING_TYPE_WARNINGS = 0;
@@ -63,6 +63,9 @@ int main(int argc, char **argv) {
             case 'f':
                 print_parsers();
                 return 0;
+            case 'l':
+                conf.LINUX_COOKED = 1;
+                break;
             case 'm':
                 conf.RECORD_SEP = optarg;
                 conf.SEP = '\n';
@@ -85,9 +88,6 @@ int main(int argc, char **argv) {
             case 't':
                 conf.PRETTY_DATE = 1; 
                 break;
-            case 'u':
-                print_type_freq = 1;
-                break;
             case 'D':
                 conf.DEDUPS = strtoul(optarg, NULL, 10);
                 if (conf.DEDUPS > 10000) {
@@ -192,6 +192,8 @@ int main(int argc, char **argv) {
         "-f\n"
         "   Print out documentation on the various resource \n"
         "   record parsers.\n"
+        "-l\n"
+        "   Parse Linux Cooked Capture format. \n"
         "-n\n"
         "   Enable the parsing and output of the Name Server\n"
         "   Records section. Disabled by default.\n"
@@ -217,9 +219,6 @@ int main(int argc, char **argv) {
         "-t \n"
         "   Print the time/date as in Y-m-d H:M:S (ISO 8601) format.\n"
         "   The time will be in the local timezone.\n"
-        "-u \n"
-        "   Print a record of the how many occurances of each class,type\n"
-        "   record occurred via stderr when processing completes.\n"
         "-x\n"
         "   Exclude the given reservation record types by \n"
         "   number. This option can be given multiple times.\n"
@@ -288,7 +287,7 @@ void handler(uint8_t * args, const struct pcap_pkthdr *orig_header,
 
     // Parse the ethernet frame. Errors are typically handled in the parser
     // functions. The functions generally return 0 on error.
-    pos = eth_parse(&header, packet, &eth);
+    pos = eth_parse(&header, packet, &eth, conf);
     if (pos == 0) return;
 
     // MPLS parsing is simple, but leaves us to guess the next protocol.

dns_parse.h

@@ -44,6 +44,7 @@ typedef struct {
     char * RECORD_SEP;
     int AD_ENABLED;
     int NS_ENABLED;
+    int LINUX_COOKED;
     int COUNTS;
     int PRETTY_DATE;
     int PRINT_RR_NAME;

network.c

@@ -6,7 +6,7 @@
 
 // Parse the ethernet headers, and return the payload position (0 on error).
 uint32_t eth_parse(struct pcap_pkthdr *header, uint8_t *packet,
-                   eth_info * eth) {
+                   eth_info * eth, config * conf) {
     uint32_t pos = 0;
 
     if (header->len < 14) {
@@ -20,6 +20,11 @@ uint32_t eth_parse(struct pcap_pkthdr *header, uint8_t *packet,
         pos++;
     }
     pos = pos + 6;
+
+    // Skip the extra 2 byte field inserted in "Linux Cooked" captures.
+    if (conf->LINUX_COOKED == 1) {
+        pos = pos + 2;
+    }
 
     // Skip VLAN tagging 
     if (packet[pos] == 0x81 && packet[pos+1] == 0) pos = pos + 4;

network.h

@@ -87,7 +87,7 @@ typedef struct {
 // Exceptions are noted.
 
 // No pos is passed, since we always start at 0.
-uint32_t eth_parse(struct pcap_pkthdr *, uint8_t *, eth_info *);
+uint32_t eth_parse(struct pcap_pkthdr *, uint8_t *, eth_info *, config *);
 // This mucks with the eth data, rather than having data of its own.
 uint32_t mpls_parse(uint32_t, struct pcap_pkthdr *, 
                     uint8_t *, eth_info *);