tcpdump mailing list archives
Re: Request for a new DLT
From: Guy Harris <guy () alum mit edu>
Date: Tue, 17 Jul 2007 10:40:05 -0700
Fulko Hew wrote:
a given capture will only ever have a single protocol within it,but since the header is common for all protocols, I thought it was better toask for a single DLT instead rather than one DLT per protocol.
Not necessarily - DLTs are cheap, and Wireshark already has, for example, a WTAP_ENCAP_FRELAY_WITH_PHDR encapsulation type. It currently assumes a pseudo-header with less information than your pseudo-header will provide, but that pseudo-header can be generalized in a way to indicate which pieces of information it has. Its WTAP_ENCAP_LAPB already assumes a pseudo-header with direction information; again, that could be extended.
That'd be a bit more work, but I can help with that.(Sigh. I wish pcap-NG and the supporting code were done; it already has, in the packet metadata header, along with the time stamp and lengths, a direction indicator and 16 bits of "link-layer-dependent errors" which could be used for the error/status bits and possibly signal line status - it also has 7 reserved bits that might be usable for that.)
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Request for a new DLT Fulko Hew (Jul 17)
- Re: Request for a new DLT Guy Harris (Jul 17)
- Re: Request for a new DLT Fulko Hew (Jul 17)
- Re: Request for a new DLT Guy Harris (Jul 17)
- Re: Request for a new DLT Fulko Hew (Jul 17)
- Re: Request for a new DLT Guy Harris (Jul 17)
- Re: Request for a new DLT Fulko Hew (Jul 18)
- Re: Request for a new DLT Guy Harris (Jul 18)
- Re: Request for a new DLT Fulko Hew (Jul 18)
- Re: Request for a new DLT Guy Harris (Jul 18)
- Re: Request for a new DLT Fulko Hew (Jul 19)
- Re: Request for a new DLT Fulko Hew (Jul 17)
- Re: Request for a new DLT Guy Harris (Jul 17)