/ 
NetPacket-1.8.0
River stage one • 5 direct dependents • 7 total dependents
⭐ Starred 10 GitHub stars
/ NetPacket::SLL

NAME

NetPacket::SLL - Assemble and disassemble Linux cooked capture (SLL) packets.

VERSION

version 1.8.0

SYNOPSIS

use NetPacket::SLL;

my $sll_obj = NetPacket::SLL->decode($raw_pkt);
my $sll_pkt = $sll_obj->encode();
my $sll_data = NetPacket::SLL::strip($raw_pkt);

DESCRIPTION

NetPacket::SLL provides a set of routines for assembling and disassembling packets using Linux cooked capture (libpcap SLL). Linux cooked capture is a pseudo-link-layer used by libpcap when capturing packets on the "any" device (because packets may have different link layer headers) or when the native link layer headers can't be used.

See https://gitlab.com/wireshark/wireshark/-/wikis/SLL and https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html for more details on the SLL protocol.

Methods

NetPacket::SLL->decode([RAW PACKET])

Decode the raw packet data given and return an object containing instance data. This method will quite happily decode garbage input. It is the responsibility of the programmer to ensure valid packet data is passed to this method.

$sll_obj->encode()

Return an SLL packet encoded with the instance data specified.

Functions

NetPacket::SLL::strip([RAW PACKET])

Return the encapsulated data (or payload) contained in the SLL packet. This data is suitable to be used as input for other NetPacket::* modules.

This function is equivalent to creating an object using the decode() constructor and returning the data field of that object.

Instance data

The instance data for the NetPacket::SLL object consists of the following fields.

type

The SLL packet type.

# SLL_TYPE_UNICAST
0, if the packet was specifically sent to us by somebody else;
# SLL_TYPE_BROADCAST
1, if the packet was broadcast by somebody else;
# SLL_TYPE_MULTICAST
2, if the packet was multicast, but not broadcast, by somebody else;
# SLL_TYPE_SENT_TO_OTHER
3, if the packet was sent to somebody else by somebody else;
# SLL_TYPE_SENT_BY_US
4, if the packet was sent by us.
htype

The device type as a Linux ARP hardware type.

src_addr

Up to the first 8 bytes of the source link-layer address for this packet as a hex string.

proto

The protocol type for the packet. Usually an ethernet protocol type, but the meaning depends on the device type as described at https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html.

data

The encapsulated data (payload) for this SLL packet.

Exports

default

none

tags

The following tags group together related exportable items.

:types
SLL_TYPE_UNICAST SLL_TYPE_BROADCAST SLL_TYPE_MULTICAST
SLL_TYPE_SENT_TO_OTHER SLL_TYPE_SENT_BY_US
:strip

Import the strip function sll_strip.

:ALL

All the above exportable items.

EXAMPLE

The following script prints the source address, device type, and protocol type of each packet to standard output.

#!/usr/bin/perl

use strict;
use warnings;
use Net::PcapUtils;
use NetPacket::SLL;

sub process_pkt {
    my ($user, $hdr, $pkt) = @_;
    my $sll_obj = NetPacket::SLL->decode($pkt);
    print("$sll_obj->{src_addr} $sll_obj->{htype} $sll_obj->{proto}\n");
}

Net::PcapUtils::loop(\&process_pkt);

COPYRIGHT

Copyright (c) 2021 Dan Book.

This module is free software. You can redistribute it and/or modify it under the terms of the Artistic License 2.0.

This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose.

AUTHOR

Dan Book <dbook@cpan.org>