Re: [tcpdump-workers] Patch to add generic DLT for raw protocol families

Thu, 01 Mar 2001 23:16:41 -0800 

On Thu, Mar 01, 2001 at 10:07:21PM -0800, Guy Harris wrote:

 > > What I came up with is called DLT_RAWAF(family).  So, DLT_RAW,
 > > strictly interpreted[*], would be DLT_RAWAF(AF_INET).
 > 
 > So would it ever be the case that a packet capture would be a
 > DLT_RAWAF(AF_xxx) capture?

DLT_RAWAF() is named as it is to indicate that AF_xxx should be used
with it.  But *any* AF_xxx constant may be used.  AF_INET, AF_INET6,
AF_DECNET, whatever.

 > If so, then we'd want to arrange to have platform-independent versions
 > of the DLT_RAWAF() values, to put in the capture file header, so that,
 > for example, a DLT_RAWAF(AF_INET6) capture would have the same
 > link-layer type in the header, regardless of which particular OS the
 > capture was done on.

OIC -- for pcap_file_header's linktype field -- I forgot all about that,
really.

So, what happens for pcap_file_header in the DLT_NULL case?  In that case,
the packet has the AF_xxx constant prepended -- is there any attempt to
translate those into a platform-independent format?

 >      1) what about a DLT_RAWAF() value with an AF_ type other than
 >         AF_UNSPEC, AF_INET, or AF_INET6?  Should "gen_linktype()"
 >         either print an error or just do "return gen_false()" in that
 >         case?

Er... the old code essentially just fell through, into the
"switch (linktype)" so I kept that.  Looking at it some more,
yah, might be a good idea to print an error like "sorry, this
RAWAF is not supported yet."

 >      2) should, for AF_UNSPEC, code be generated to check the IP
 >         header's version number for 4 or 6, depending on whether
 >         "proto" is ETHERTYPE_IP or ETHERTYPE_IPV6?

Um, I guess we could do that, but it seems inconsistent with other code
in gencode.c -- it seems that there's an assumption that ETHERTYPE_xx
does the right thing already, and that's how the old DLT_RAW worked, too.
(AF_UNSPEC is really only there to emulate that DLT's IPv6 behavior).

-- 
        -- Jason R. Thorpe <[EMAIL PROTECTED]>
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe

Reply via email to