Re: introduction of a new protocol

[Maria Cruz <cruz_petagay () bah com>]

Guy Harris <guy <at> alum.mit.edu> writes:

> Maria Cruz wrote:
> > Hi,  if a new protocol is introduced to libpcap is it necessary to 
> > update 'gencode.c' for parsing?
>
> You would have to add a case to the switch statement in init_linktype().
>
> At minimum, it'd have to do
>
>       /*
>        * Currently, only raw "link[N:M]" filtering is supported.
>        */
>       off_linktype = -1;
>       off_nl = -1;
>       off_nl_nosnap = -1;
>       return;
>
> If you do that, you won't be able to, for example, filter with "host 
> <hostname>".
I do not really want any filtering; at this point.  So the above is fine with 
me.
> If you want to do any fancier filtering, you'd have to, instead, have 
> the case set those variables to the appropriate values.  Among other 
> things, that would require that, within a link-layer packet, there had 
> better be only one higher-layer packet, e.g. one IPv4 or IPv6 datagram.
I expect IPv4 or 6 datagrams in msgs.  

> > I would like libpcap to read the packet 'raw' 
> > and pass on.
>
> At what layer of Figure 1 in "1.4 Reference model" of IEEE Std 
> 802.16-2004 will you be intercepting packets?
The 'MAC Common Part Sublayer' probably, right after the 'Security Sublayer'.  
I would like at the PHY SAP.

> > I plan on using Ethereal to dissect/analyze.  
>
> You might want to plan on using Wireshark, instead. 
Yeah, i meant wireshark.  i got the latest wireshark code, gtk+, libpcap etc.
thanks for your time
maria cruz




-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.