From 276252aafec9625bd9dd0ea23d94fff1b240021f Mon Sep 17 00:00:00 2001
From: tjwalton <15825356+tjwalton@users.noreply.github.com>
Date: Fri, 14 May 2021 19:25:12 +0100
Subject: [PATCH] Add support for Linux cooked capture v2, SLL2. (#569)

Co-authored-by: Thomas Walton <thomwalt@cisco.com>
---
 dpkt/__init__.py |  1 +
 dpkt/pcap.py     |  3 ++-
 dpkt/sll2.py     | 54 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 dpkt/sll2.py

diff --git a/dpkt/__init__.py b/dpkt/__init__.py
index 13aabab5..9567d312 100644
--- a/dpkt/__init__.py
+++ b/dpkt/__init__.py
@@ -62,6 +62,7 @@
 from . import sctp
 from . import sip
 from . import sll
+from . import sll2
 from . import smb
 from . import ssl
 from . import stp
diff --git a/dpkt/pcap.py b/dpkt/pcap.py
index 267941d1..ff70751f 100644
--- a/dpkt/pcap.py
+++ b/dpkt/pcap.py
@@ -128,6 +128,7 @@
 DLT_ZWAVE_R3 = 262
 DLT_WATTSTOPPER_DLM = 263
 DLT_ISO_14443 = 264
+DLT_LINUX_SLL2 = 276
 
 if sys.platform.find('openbsd') != -1:
     DLT_LOOP = 12
@@ -138,7 +139,7 @@
 
 dltoff = {DLT_NULL: 4, DLT_EN10MB: 14, DLT_IEEE802: 22, DLT_ARCNET: 6,
           DLT_SLIP: 16, DLT_PPP: 4, DLT_FDDI: 21, DLT_PFLOG: 48, DLT_PFSYNC: 4,
-          DLT_LOOP: 4, DLT_LINUX_SLL: 16}
+          DLT_LOOP: 4, DLT_LINUX_SLL: 16, DLT_LINUX_SLL2: 20}
 
 
 class PktHdr(dpkt.Packet):
diff --git a/dpkt/sll2.py b/dpkt/sll2.py
new file mode 100644
index 00000000..da2199f7
--- /dev/null
+++ b/dpkt/sll2.py
@@ -0,0 +1,54 @@
+# -*- coding: utf-8 -*-
+"""Linux libpcap "cooked v2" capture encapsulation."""
+from __future__ import absolute_import
+
+from . import arp
+from . import dpkt
+from . import ethernet
+
+
+class SLL2(dpkt.Packet):
+    """Linux libpcap "cooked v2" capture encapsulation.
+
+    See https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html
+
+    Attributes:
+        __hdr__: Header fields of SLLv2.
+    """
+
+    __hdr__ = (
+        ('ethtype', 'H', ethernet.ETH_TYPE_IP),
+        ('mbz', 'H', 0),  # reserved
+        ('intindex', 'i', 0),  # the 1-based index of the interface on which the packet was observed
+        ('hrd', 'H', arp.ARP_HRD_ETH),
+        ('type', 'B', 0),  # 0: to us, 1: bcast, 2: mcast, 3: other, 4: from us
+        ('hlen', 'B', 6),  # hardware address length
+        ('hdr', '8s', b''),  # first 8 bytes of link-layer header
+    )
+    _typesw = ethernet.Ethernet._typesw
+
+    def unpack(self, buf):
+        dpkt.Packet.unpack(self, buf)
+        try:
+            self.data = self._typesw[self.ethtype](self.data)
+            setattr(self, self.data.__class__.__name__.lower(), self.data)
+        except (KeyError, dpkt.UnpackError):
+            pass
+
+
+def test_sll2():
+    sll2data = (b'\x08\x00\x00\x00\x00\x00\x00\x03\x00\x01\x00\x06\x00\x0b\xdb\x52\x0e\x08\xf6\x7f'
+                b'\x45\x00\x00\x34\xcc\x6c\x40\x00\x40\x06\x74\x08\x82\xd9\xfa\x8e\x82\xd9\xfa\x0d')
+    sll2test = SLL2(sll2data)
+    assert sll2test.type == 0
+    assert sll2test.mbz == 0
+    assert sll2test.intindex == 3
+    assert sll2test.hrd == 1
+    assert sll2test.hlen == 6
+    assert sll2test.hdr == b'\x00\x0b\xdb\x52\x0e\x08\xf6\x7f'
+    assert sll2test.ethtype == 0x0800
+
+    # give invalid ethtype of 0x1234 to make sure error is handled
+    sll2data2 = (b'\x12\x34\x00\x00\x00\x00\x00\x03\x00\x01\x00\x06\x00\x0b\xdb\x52\x0e\x08\xf6\x7f'
+                b'\x45\x00\x00\x34\xcc\x6c\x40\x00\x40\x06\x74\x08\x82\xd9\xfa\x8e\x82\xd9\xfa\x0d')
+    sll2test2 = SLL2(sll2data2)