Re: libpcap filters

[Guy Harris <gharris () sonic net>]

On Mon, Jun 09, 2003 at 10:11:53AM -0700, Pinkney, John wrote:
> I am looking at adding Frame Relay into libpcap including filtering support.

The current CVS version of libpcap already supports Frame Relay; current
released versions, including, 0.7.2, don't have Frame Relay support, but
the current CVS version does.  You can get the current CVS version via
anonymous CVS or by downloading one of the "Current Tar Files" tarballs;
see the tcpdump.org home page for information on that.

Look for code that refers to DLT_FRELAY.

> With Frame Relay supporting long and short versions of the NLPID
> encapsulation, it means that the network layer can start at different
> offsets.

Currently, the code assumes a 2-byte Frame Relay header, as one of the
comments in a DLT_FRELAY section of gencode.c says.  It also currently
doesn't handle SNAP-encapsulated frames with an NLPID of 0x80, as
another such comment says.

> Is it possible for the filtering code to handle variable network layer
> offsets on a single DLT type?

Currently, no.  The problem with variable network layer offsets is that
gencode.c currently assumes that the network layer offset is fixed, and
it includes nothing to emit BPF code to compute a network layer offset
and put it into a storage location and then use it later when testing
network layer header fields.  I've been working on code to do that (it's
also needed to handle source-routed Token Ring packets and to handle
802.11 packets with four MAC addresses), but it's not done yet (and,
unless I've missed something, it's not trivial to get the optimizer to
handle it).
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe