Handle Linux cooked capture

[Morthred]

Hi,
how can we detect packet has Linux cooked capture , actually i need its size because i need to take udp or tcp payload from packet like this;

packetBuffer.readerIndex(ethernet.size() + ip.size()+2).cast(Udp.class);

i can create ethernet by => Ethernet ethernet = packetBuffer.cast(Ethernet.class);
but i cant create ipV4 beacuse there is linux cooked capture in middle
normally i get ipV4 by => Ip4 ip = packetBuffer.readerIndex(ethernet.size()).cast(Ip4.class)

i see that length is generally 2 so i can use => Ip4 ip = packetBuffer.readerIndex(ethernet.size()+2).cast(Ip4.class);

but i am not sure

[ardikars]

You can use Pcap.datalinkt() to get capture Link Type (113 for SLL, see https://github.com/the-tcpdump-group/libpcap/blob/0e9c25dbafa59db60fb3068271a5d78339d06813/pcap/dlt.h#L251), then create your own Linux Cooked (SLL) class. SLL has 16 bytes in size (see https://github.com/the-tcpdump-group/libpcap/blob/0e9c25dbafa59db60fb3068271a5d78339d06813/pcap/sll.h#L85) and Ethernet has 14 bytes, that's why you need to +2 when you are using Ethernet.
For example:

Pcap pcap = ..;
PacketBuffer packetBuffer = ..;
int linkType = pcap.datalink();
if (linkType == 113) {
  LinuxCooked linuxCooked = packetBuffer.cast(LinuxCooked.class); 
  if (linuxCooked.protocol() == Ip4.TYPE) {
    Ip4 ip4 = packetBuffer.readerIndex(linuxCooked.size()).cast(Ip4.class);
  }
} else if (linkType == 1) {
  Ethernet ethernet = packetBuffer.cast(Ethernet.class);
  if (ethernet.type() == Ip4.TYPE) {
    Ip4 ip4 = packetBuffer.readerIndex(ethernet.size()).cast(Ip4.class);
  }
}

/// LinuxCooked.java
public class LinuxCooked extends AbstractPacket {

  private static final int SLL_ADDRLEN = 8;

  // offsets
  private final long packetType;
  private final long addressType;
  private final long addressLength;
  private final long address;
  private final long protocol;

  private LinuxCooked(PacketBuffer buffer) {
    super(buffer);
    packetType = offset;
    addressType = packetType + 2;
    addressLength = addressType + 2;
    address = addressLength + 2;
    protocol = address + SLL_ADDRLEN;
  }

  public int packetType() {
    return buffer.getShort(packetType);
  }

  public int addressType() {
    return buffer.getShort(addressType);
  }

  public int addressLength() {
    return buffer.getShort(addressLength);
  }

  public byte[] address() {
    byte[] addr = new byte[addressLength()];
    buffer.getBytes(address, addr);
    return addr;
  }

  public int protocol() {
    return buffer.getShort(protocol);
  }

  @Override
  protected int size() {
    return 16;
  }
}