[Feature] Add capability to print interface name

[guyharris]

Converted from SourceForge issue 2223028, submitted by inigo78

Just a switch to print the interface name with each packet.

When using "-i any" it could be very useful.

See at r1.22 in:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/tcpdump/util.c

Ther is just two lines of code.

A lot of tanks.

[infrastation]

For memory: the suggested change is below.

--- src/usr.sbin/tcpdump/util.c 2006/04/22 18:24:33 1.21
+++ src/usr.sbin/tcpdump/util.c 2007/08/28 13:52:06 1.22
@@ -128,6 +128,8 @@ ts_print(register const struct bpf_timeval *tvp)
    struct timeval diff;
    time_t t;

+   if (Iflag && device)
+       (void)printf("%s ", device);
    switch(tflag){
    case 0:
        break;

[mcr]

Given that "tcpdump -i xxx0 -n -p blah" is commonly how people invoke things, this would be a gratuitous change. I think that we should have a different option to do this, and perhaps we can ena ble to specifically for "-i any".

[gvanem]

And remember that on some (old?) version of WinPcap, the device name could be a wide-string. Hence '%S ' is needed. I don't remember when or where (Win9x?) this is/was an issue.

[fxlb]

For the 'any' device, I would like to have:

I ethX: print-like-usual-x


O ethY: print-like-usual-y

(I for In and O for Out)

[infrastation]

Tx/Rx?

[fxlb]

I'm okay with that too

[infrastation]

The originally suggested change prints the argument to tcpdump's -i option. To print the interface name/index associated with the packet it is necessary to have it available in the specific DLT, see DLT_PFLOG. The same applies to the packet direction (Tx/Rx), see DLT_LINUX_SLL. In other words, it is relatively simple to modify tcpdump to display on request that meta-information when it is available in the DLT, but many existing DLTs just cannot be extended this way in a backwards-compatible manner. In the specific case of Linux "any" pseudo-interface it would be necessary to replace DLT_LINUX_SLL with a new DLT, most likely as suggested in the-tcpdump-group/libpcap#127.

[amosshapira]

+1 for this feature. I see that last change was over 18 months ago. Is there any ETA? Thanks.

[mcr]

Amos Shapira [email protected] wrote:
> +1 for this feature. I see that last change was over 18 months ago. Is there
> any ETA? Thanks.

Send patch...

] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [

[leonerd]

The LINUX_SLL2 header format includes the interface index; that can be used to provide this feature

http://comments.gmane.org/gmane.network.tcpdump.devel/6991

[guyharris]

The LINUX_SLL2 header format includes the interface index; that can be used to provide this feature

...but only if you are printing the interface name while doing a live capture, or are running tcpdump on a saved capture taken on the machine on which you're running tcpdump at a time when it has the same network configuration as it did when the capture was done, or running it on a machine with the same network configuration and interface names.

pcapng fixes this problem by providing Interface Description Blocks that include the interface name.

[leonerd]

Sure - both features work well together. The SLL2 header per packet tells you which interface it came in on, and every time you mention a new interface index, provide an IDB to map that index onto its name.

[guyharris]

Sure - both features work well together. The SLL2 header per packet tells you which interface it came in on, and every time you mention a new interface index, provide an IDB to map that index onto its name.

All pcapng packet blocks either 1) already have an interface ID field that refers to an IDB or 2) is a Simple Packet Block that implicitly has an interface ID of 0; the extra interface ID field in the SLL2 header wouldn't be used to look up IDBs.

[infrastation]

The tip of the iceberg that prints the interface name has been added in pull request #689 (see also the-tcpdump-group/tcpdump-htdocs#11). Essential parts of the iceberg itself have been specified by Paul Evans (the-tcpdump-group/tcpdump-htdocs#3) and implemented by Guy Harris in the master branch. There is still work to be done before this story is fully implemented, it is recorded in #480 and the-tcpdump-group/libpcap#127). Please leave any follow-up comments there as this specific request is now implemented and closed for clarity.

[zyf0330]

Hello, I want to know when v4.10.0 releases?