Scapy sniff() with filter fails on offline pcap file with linktype 101 (raw IP) #4671

Open
netsecfish opened this issue Feb 23, 2025 · 0 comments


netsecfish commented Feb 23, 2025

Brief description

When using Scapy's sniff() function with the filter parameter to process a pcap file offline, it fails to compile the filter expression if the pcap file has a linktype of 101 (raw IP).

This bug seems to be very similar to #3093.

Scapy version

2.6.1.dev45

Python version

3.10

Operating system

Ubuntu 18.04.6 LTS

Additional environment information

No response

How to reproduce

Please execute the following commands after downloading anonymized.zip:

from scapy.all import *

packets = sniff(offline='./anonymized.pcap', filter='tcp', session=TCPSession, store=True)

anonymized.zip

Actual result

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/bf/.conda/envs/xxx/lib/python3.10/site-packages/scapy/sendrecv.py", line 1425, in sniff
    sniffer._run(*args, **kwargs)
  File "/home/bf/.conda/envs/xxx/lib/python3.10/site-packages/scapy/sendrecv.py", line 1219, in _run
    sniff_sockets.update((PcapReader(  # type: ignore
  File "/home/bf/.conda/envs/xxx/lib/python3.10/site-packages/scapy/sendrecv.py", line 1221, in <genexpr>
    tcpdump(fname,
  File "/home/bf/.conda/envs/xxx/lib/python3.10/site-packages/scapy/utils.py", line 3147, in tcpdump
    compile_filter(flt, linktype=linktype)
  File "/home/bf/.conda/envs/xxx/lib/python3.10/site-packages/scapy/arch/common.py", line 128, in compile_filter
    raise Scapy_Exception(
scapy.error.Scapy_Exception: Failed to compile filter expression tcp (-1)

Expected result

Scapy should be able to process the pcap file offline and apply the BPF filter, successfully reading only TCP packets from the pcap file with linktype 101 (raw IP).

Related resources

No response
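For triage while the filter path fails, the sketch below reads the pcap global header to confirm the linktype and selects TCP records from a raw-IP capture without compiling a BPF expression. It is an added example, not code from Scapy or from the issue author, and it does not fix the reported bug. The function names and the in-memory sample capture are constructed for illustration; only the standard library is used.

```python
import struct

LINKTYPE_RAW = 101  # raw IP: each record starts directly with an IPv4/IPv6 header
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # classic pcap, microsecond and nanosecond variants

def read_pcap(data):
    """Return (linktype, [packet bytes]) from a classic pcap file image."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):  # the magic number tells us the file's byte order
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file")
    # Low 16 bits of the last header field carry the linktype.
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0xFFFF
    packets, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        off += 16
        if off + incl_len > len(data):
            break  # truncated final record
        packets.append(data[off:off + incl_len])
        off += incl_len
    return linktype, packets

def is_tcp_raw_ip(pkt):
    """True if a raw-IP record carries TCP (IPv6 extension headers are not walked)."""
    version = pkt[0] >> 4 if pkt else 0
    if version == 4 and len(pkt) >= 20:
        return pkt[9] == 6   # IPv4 Protocol field
    if version == 6 and len(pkt) >= 40:
        return pkt[6] == 6   # IPv6 Next Header field
    return False

def tcp_packets(data):
    """Return only the TCP records of a linktype-101 capture."""
    linktype, packets = read_pcap(data)
    if linktype != LINKTYPE_RAW:
        raise ValueError(f"expected linktype 101, got {linktype}")
    return [p for p in packets if is_tcp_raw_ip(p)]

# Constructed sample: a linktype-101 capture with one TCP and one UDP IPv4 header.
def _ipv4(proto):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
def _record(pkt):
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
          + _record(_ipv4(6)) + _record(_ipv4(17)))
```

To run it against a capture on disk, pass the file's bytes, for example `tcp_packets(open(path, "rb").read())`.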
