tcpdump mailing list archives

Re: new interface card for wireshark


From: Guy Harris <guy () alum mit edu>
Date: Mon, 17 Jan 2011 11:50:06 -0800


On Jan 17, 2011, at 8:11 AM, Jens Grimmer wrote:

Hi wireshark community,

(Actually, this list is more like "the tcpdump and libpcap community", but, not surprisingly, there's some overlap 
between the two communities.)

I would like to ask for a new encapsulation type for libpcap files (WTAP_ENCAP_xx as well as DLT_xx value).

WCAP_ENCAP_ values aren't necessarily fixed values; unlike LINKTYPE_ values, they don't appear in files.  There's no 
reservation-in-advance procedure for them; you'd get a new one when contributing a Wireshark dissector patch.

DLT_ values and the corresponding LINKTYPE_ values are assigned here by tcpdump.org, as the LINKTYPE_ value *does* 
appear in files.

[note: If I'm not wrong we would need a new, unique DLT_NG40 (>=230) value in pcap/bpf.h as well as new 
WTAP_ENCAP_NG40 (>=129) and WTAP_FILE_NG40 (>=61) in wiretap/wtap.h.
- Sure these values need to be unique, so I have to ask to get them reserved.]

I'm a developer at the NG4T GmbH – a start-up in Berlin, Germany founded by former Tektronix employees. We provide 
protocol test software, mainly running on Linux machines. For a customer project we have to integrate ATM 
hard/software which is not yet supported by libpcap/wireshark. Especially for AAL2 and AAL5 monitoring we have to 
provide additional context information.
In the past weeks I prepared (locally) a couple of files (for libpcap and wireshark). What are the next steps to get 
these enhancements and new files into the common development cycle for common use?

The first step is to assign the DLT_/LINKTYPE_ value; after that, just submit patches for libpcap to tcpdump-workers () 
tcpdump org or the libpcap SourceForge site's tracker, and submit patches for Wireshark to wireshark-dev () wireshark 
org or the Wireshark Bugzilla.

If you need more information, please send me a mail.

[note: The network interface card is the XS2010 card from Xalyo (a company in Switzerland) which carries ATM traffic. 
From my knowledge this card is not yet supported by libpcap/wireshark. Currently we have to monitor mainly AAL5 
traffic (e.g.: here we have to provide channel information like VPI,VCI) and AAL2 traffic (e.g.: here we have to 
provide VPI,VCI, CID and additional context information to the FP dissector like channel type, division, direction – 
similar to the information provided by the Tektronix K12).

So presumably the packet data begins with a pseudo-header with that information; could you give a description of that 
pseudo-header?

I checked out the libpcap and wireshark projects from svn.

(Presumably you mean "I checked out the libpcap project from Git and the Wireshark project from SVN"; libpcap and 
tcpdump went from CVS to Git without stopping at SVN first.)

For the pcap library I wrote a new pcap-ng40.c/h similar to the pcap-dag.c/h. For wireshark I made new 
epan/dissectors/packet-ng40.c/h and put the necessary calls to file_access.c, pcap-common.c, wtap.c and defined the 
pseudo-header-structure in wtap.h. So far on my test machines the modified pcap-library as well as wireshark are running 
fine under 32bit and 64bit Debian-Linux. Nevertheless I have to do some enhancements the next days. So I expect to 
have a 'check-in candidate' about end of January. For sure, all software we provide to integrate this card, is GNU 
public licensed.]

libpcap (and tcpdump) are under a BSD license - it's currently mostly the 4-clause BSD license, which is considered 
incompatible with the GPL:

        http://www.gnu.org/licenses/gpl-faq.html#OrigBSD

Even if it were converted to the 3-clause BSD license, it might be better if the libpcap changes were BSD-licensed - 
Michael?

(Wireshark is GPLv2, so code for it should be GPLv2-licensed.)
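
The reply above points out that the LINKTYPE_ value, unlike a WTAP_ENCAP_ value, is stored in the capture file itself. The following is an added example, not code from this thread or from libpcap: it reads that field from a classic pcap file header in either byte order and rejects truncated or non-pcap input. The function name `file_linktype` and the two sample headers are constructed for illustration; 147 is a value from the private-use range.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PCAP_HDR_LEN 24          /* size of the classic pcap file header */
#define MAGIC_USEC   0xa1b2c3d4u /* microsecond-resolution timestamps */
#define MAGIC_NSEC   0xa1b23c4du /* nanosecond-resolution timestamps */

/* Read a 32-bit value byte by byte, so host endianness does not matter. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Hypothetical helper: returns the LINKTYPE_ value stored in a pcap file
 * header, or -1 if the buffer is too short or has no pcap magic number. */
long file_linktype(const uint8_t *buf, size_t len)
{
    int big_endian = 0;
    uint32_t magic;

    if (buf == NULL || len < PCAP_HDR_LEN)
        return -1;                       /* truncated: never read past len */
    magic = rd32(buf, 0);
    if (magic != MAGIC_USEC && magic != MAGIC_NSEC) {
        magic = rd32(buf, 1);            /* writer had the other byte order */
        if (magic != MAGIC_USEC && magic != MAGIC_NSEC)
            return -1;                   /* not a classic pcap file */
        big_endian = 1;
    }
    /* The link-type field is the last 4 bytes of the header (offset 20);
     * the link type itself is carried in the low 16 bits. */
    return (long)(rd32(buf + 20, big_endian) & 0xFFFFu);
}

/* Constructed sample headers (not taken from a real capture). */
static const uint8_t sample_le[PCAP_HDR_LEN] = {   /* link type 1 */
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0 };
static const uint8_t sample_be[PCAP_HDR_LEN] = {   /* link type 147 */
    0xa1,0xb2,0xc3,0xd4, 0,2, 0,4, 0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 0,0,0,147 };

int main(void)
{
    printf("LE sample: %ld\n", file_linktype(sample_le, sizeof sample_le));
    printf("BE sample: %ld\n", file_linktype(sample_be, sizeof sample_be));
    return 0;
}
```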