On Mon, 9 Jun 2003, Guy Harris wrote:
Cc list trimmed ...
> On Mon, Jun 09, 2003 at 10:39:26PM -0700, Richard Sharpe wrote:
> > It seems to me that this is overkill for what we want/need, and it does
> > not define the encap as DLT types. Rather, it defines them as Ethernet
> > Wiretap enacp types,
>
> s/Ethernet/Ethereal/
>
> > which is not good enough!
>
> Which is, in fact, completely bogus, as Ethereal may well change
> WTAP_ENCAP_ values at any time (and, in fact, has changed them in the
> lifetime of the Tazmen stuff).
>
> Ethereal now treats them as Tazmen-specific values (that happen to have
> the same values as *some* of the WTAP_ENCAP_ values as of when the
> Tazmen support was first checked into Ethereal).
>
> DLT_ types are the right answer for libpcap, however.
Right. Here is a more complete suggestion:
/*
* This could actually be any value you like ...
*/
#define DLT_COMMENT 0xFFFE
/*
* This next value is set to keep it out of the way
*/
#define DLT_VAR_LINKTYPE 0xFFFF
/*
* And here is the pkt_hdr_var structure
* Note that after the linktype, everyting looks like a normal libpcap
* format pkthdr structure ...
*/
struct pcap_hdr_encap {
bpf_u_int32 linktype;
struct pcap_pkthdr hdr;
};
> Note, though, that trying to make BPF filter those is non-trivial.
Right, but I am not sure that we want to do this.
--
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]
