suricata/rules
Victor Julien 04ccfda639 pcap: implement LINKTYPE_NULL
Implement LINKTYPE_NULL for pcap live and pcap file.

From: http://www.tcpdump.org/linktypes.html

"BSD loopback encapsulation; the link layer header is a 4-byte field,
 in host byte order, containing a PF_ value from socket.h for the
 network-layer protocol of the packet.

 Note that ``host byte order'' is the byte order of the machine on
 which the packets are captured, and the PF_ values are for the OS
 of the machine on which the packets are captured; if a live capture
 is being done, ``host byte order'' is the byte order of the machine
 capturing the packets, and the PF_ values are those of the OS of
 the machine capturing the packets, but if a ``savefile'' is being
 read, the byte order and PF_ values are not necessarily those of
 the machine reading the capture file."

Feature ticket #1445
11 years ago
Makefile.am rules: add app layer events rules 11 years ago
app-layer-events.rules rules: add app layer events rules 11 years ago
decoder-events.rules pcap: implement LINKTYPE_NULL 11 years ago
dns-events.rules
files.rules Duplicate rule ID. 11 years ago
http-events.rules http: add event for suspicious method delimiter 11 years ago
modbus-events.rules App-layer: Add Modbus protocol parser 11 years ago
smtp-events.rules SMTP MIME Email Message decoder 11 years ago
stream-events.rules stream: detect and filter out bad window updates 11 years ago
tls-events.rules