Squashed commit of the following:

commit 2027502c5c1364161854794529738344dddb5c50
Author: MM <gaspmat@gmail.com>
Date:   Thu Mar 22 18:12:07 2012 +0100

    link type must be signed, because dlt_to_linktype can return -1

commit 86027ea77d36d36e39070a54eb5caf3d3490e2e9
Author: MM <gaspmat@gmail.com>
Date:   Wed Mar 21 16:03:58 2012 +0100

    enable sniffing on any type of interface

commit df6eef12147a294d7f198d057c27e87ed4ffbeb3
Author: MM <gaspmat@gmail.com>
Date:   Tue Mar 20 18:01:50 2012 +0100

    ps support for linux meterpreter

[Closes #254]
unstable
MM 2012-05-15 16:58:18 -06:00 committed by James Lee
parent 5d7190e8cb
commit 55bb7abc89
5 changed files with 12 additions and 3 deletions


@ -599,6 +599,7 @@ DWORD request_sniffer_capture_start(Remote *remote, Packet *packet) {
result = hErr;
break;
}
j->capture_linktype = 1; // LINKTYPE_ETHERNET forced on windows
#else
name = get_interface_name_by_index(ifh);
@ -612,6 +613,9 @@ DWORD request_sniffer_capture_start(Remote *remote, Packet *packet) {
result = EACCES;
break;
}
j->capture_linktype = dlt_to_linktype(pcap_datalink(j->pcap)); // get the datalink associated with the capture, needed when saving pcap file
if (-1 == j->capture_linktype)
j->capture_linktype = 1; // force to LINKTYPE_ETHERNET in case of error
if(packet_filter) {
struct bpf_program bpf;
@ -1019,6 +1023,8 @@ DWORD request_sniffer_capture_dump(Remote *remote, Packet *packet) {
packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_PACKET_COUNT, pcnt);
packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_BYTE_COUNT, rcnt);
// add capture datalink, needed when saving capture file, use TLV_TYPE_SNIFFER_INTERFACE_ID not to create a new TLV type
packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_INTERFACE_ID, j->capture_linktype);
dprintf("sniffer>> finished processing packets");
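Review bot: The fallback after `dlt_to_linktype` in request_sniffer_capture_start relabels an unmapped datalink as Ethernet without leaving any trace, so a capture from a non-Ethernet interface would be saved under a pcap header that does not match its frames and would be decoded wrongly later. Since this squash also enables sniffing on any interface type, that case looks reachable. At minimum log it inside the `-1` branch (which then needs braces), e.g. `dprintf("sniffer>> unmapped datalink %d, saving as LINKTYPE_ETHERNET", pcap_datalink(j->pcap));`, assuming dprintf takes printf-style arguments. The literal `1` is also written in both the Windows branch and the fallback, so a named constant would keep them in step. The function body starts and ends outside these hunks.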


@ -35,6 +35,7 @@ typedef struct capturejob
unsigned char *dbuf;
unsigned int dlen;
unsigned int didx;
int capture_linktype; //current capture link type that we want to save, ie. LINKTYPE_ETHERNET
#ifndef _WIN32
THREAD *thread;
pcap_t *pcap;


@ -836,8 +836,9 @@ void address_calculate_netmask(struct iface_address *address, int ifa_prefixlen)
if (address->family == AF_INET6) {
// if netmask is FFFFFFFF FFFFFFFF 00000000 00000000 (/64), netmask6.a1 and netmask6.a2 == 0xffffffff, and nestmask6.a3 and .a4 == 0
// netmask6 is set to 0 at the beginning of the function, no need to reset the values to 0 if it is needed
// netmask6 is no longer set to 0 at the beginning of the function, need to reset the values to 0
// XXX really ugly, but works
memset(&address->nm.netmask6, 0, sizeof(__u128));
if (ifa_prefixlen >= 96) {
address->nm.netmask6.a4 = (1 << (ifa_prefixlen-96))-1;
address->nm.netmask6.a1 = address->nm.netmask6.a2 = address->nm.netmask6.a3 = 0xffffffff;
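Review bot: The context line `address->nm.netmask6.a4 = (1 << (ifa_prefixlen-96))-1;` shifts a signed int by 32 when ifa_prefixlen is 128, which is undefined behaviour in C and typically leaves the last mask word at 0 rather than 0xffffffff. No clamp on ifa_prefixlen is visible in this hunk, though one may exist earlier in address_calculate_netmask, whose body starts and ends outside it. If there is none, handle the full-length prefix explicitly and shift an unsigned value, e.g. `address->nm.netmask6.a4 = (ifa_prefixlen >= 128) ? 0xffffffff : (1U << (ifa_prefixlen-96))-1;`. For the added memset, `sizeof(address->nm.netmask6)` would follow the field rather than the type name.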


@ -96,6 +96,7 @@ class Sniffer < Extension
{
:packets => response.get_tlv_value(TLV_TYPE_SNIFFER_PACKET_COUNT),
:bytes => response.get_tlv_value(TLV_TYPE_SNIFFER_BYTE_COUNT),
:linktype => response.get_tlv_value(TLV_TYPE_SNIFFER_INTERFACE_ID),
}
end


@ -132,7 +132,7 @@ class Console::CommandDispatcher::Sniffer
bytes_all = res[:bytes] || 0
bytes_got = 0
bytes_pct = 0
linktype = res[:linktype]
while (bytes_all > 0)
res = client.sniffer.capture_dump_read(intf,1024*512)
@ -156,7 +156,7 @@ class Console::CommandDispatcher::Sniffer
fd = ::File.new(path_cap, 'ab+')
else
fd = ::File.new(path_cap, 'wb+')
fd.write([0xa1b2c3d4, 2, 4, 0, 0, 65536, 1].pack('NnnNNNN'))
fd.write([0xa1b2c3d4, 2, 4, 0, 0, 65536, linktype].pack('NnnNNNN'))
end
pkts = {}
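Review bot: `linktype = res[:linktype]` has no default, unlike `res[:bytes] || 0` just above it. If the dump response carries no TLV_TYPE_SNIFFER_INTERFACE_ID (for example a payload built before this change, assuming get_tlv_value returns nil for a missing TLV), the later `pack('NnnNNNN')` would raise on nil and the dump would abort. `linktype = res[:linktype] || 1` keeps the previous Ethernet header in that case. Separately, the `'ab+'` branch keeps the existing file header, so packets appended from a capture with a different link type would sit under the old header; that deserves a check or at least a comment. Both methods start and end outside these hunks.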