> Yes. The most common length is 24 bytes. If there aren't any bridges in
> the network, all data (not control) frames should be that length.
OK, so that'd make off_linktype be 24, along the lines of what's done
for FDDI (DLT_FDDI) and Token Ring (DLT_IEEE802), both of which have a
link-layer header and an 802.2 header.
For FDDI and Token Ring, off_nl is off_linktype+8, where 8 is the length
of an LLC+SNAP header, so off_nl would be 32.
> After
> that there is a 802.2 LLC header, where may be a link type (this is usually
> the case). Should I set off_nl = 24; off_linktype = -1; ?
Nope, see above.
> Anyway, if WEP
> (encryption) is being used, the 802.2 header won't be visible.
It looks as if the Ethereal dissector doesn't bother dissecting the LLC
header, or anything else, on WEP-encrypted packets, so perhaps the
code generator should, for 802.11, add in a test of "not WEP" before any
tests of stuff in the 802.2 header or beyond are done (just as it should
check for data frames before testing those).
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
