From 5a61eb332b96f015d5c4c8d0c84e600736ce1b87 Mon Sep 17 00:00:00 2001
From: GyulyVGC <gyulyvgc99@gmail.com>
Date: Mon, 1 Sep 2025 22:21:00 +0200
Subject: [PATCH] manually extract protocol type from Linux SSL header

---
 src/networking/parse_packets.rs | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/networking/parse_packets.rs b/src/networking/parse_packets.rs
index b1802dd7..390c0f0e 100644
--- a/src/networking/parse_packets.rs
+++ b/src/networking/parse_packets.rs
@@ -25,7 +25,7 @@
 use crate::utils::types::timestamp::Timestamp;
 use async_channel::Sender;
 use dns_lookup::lookup_addr;
-use etherparse::LaxPacketHeaders;
+use etherparse::{EtherType, LaxPacketHeaders};
 use pcap::{Address, Packet};
 use std::collections::HashMap;
 use std::net::IpAddr;
@@ -287,7 +287,7 @@ fn get_sniffable_headers<'a>(
         MyLinkType::RawIp(_) | MyLinkType::IPv4(_) | MyLinkType::IPv6(_) => {
             LaxPacketHeaders::from_ip(packet).ok()
         }
-        MyLinkType::LinuxSll(_) => LaxPacketHeaders::from_linux_sll(packet).ok(),
+        MyLinkType::LinuxSll(_) => from_linux_sll(packet),
         MyLinkType::Null(_) | MyLinkType::Loop(_) => from_null(packet),
     }
 }
@@ -321,6 +321,20 @@ fn matches(value: u32) -> bool {
     }
 }
 
+fn from_linux_sll(packet: &[u8]) -> Option<LaxPacketHeaders<'_>> {
+    if packet.len() <= 16 {
+        return None;
+    }
+
+    let protocol_type = u16::from_be_bytes([packet[14], packet[15]]);
+    let payload = &packet[16..];
+
+    Some(LaxPacketHeaders::from_ether_type(
+        EtherType(protocol_type),
+        payload,
+    ))
+}
+
 fn reverse_dns_lookup(
     resolutions_state: &Arc<Mutex<AddressesResolutionState>>,
     new_hosts_to_send: &Arc<Mutex<Vec<HostMessage>>>,