Re: Variable length mac headers and gencode.c (and

[Darren Reed <darren.reed () oracle com>]

On 13/05/11 01:02 AM, Guy Harris wrote:
> On May 13, 2011, at 12:52 AM, Darren Reed wrote:
>
>    
> > The goal of this is quite specific: to allow packets on a network device
> > to have mixed link-layer headers present and be able to use tcpdump and
> > friends to push meaningful filters into the kernel. The general thrust
> > of that is towards IP, thus weird 802.2/PPP headers aren't really that
> > interesting from a problem perspective, however that doesn't mean they
> > get ignored.
> >      
> Are the link-layer headers, or some component of them, of any interest in this particular application? (Presumably so, 
> otherwise you'd just be using LINKTYPE_RAW, with all packets being IPv4 or IPv6 and starting with the IPv{4,6} header, 
> with the version field being used to distinguish between them.)
>    

Right.

> Is the *entire* link-layer header of interest, or only selected fields?  LINKTYPE_LINUX_SLL:
>
>         http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html
>
> will supply a standardized packet type (Ethertype if it has one, 1 if it's the crufty old IPX-directly-over-Ethernet stuff, 4 if 
> the payload starts with an 802.2 header, protocols that have no Ethertype nor a DSAP nor an OUI/PID combination for SNAP aren't 
> allowed) and the sender's link-layer address, if any, along with the Linux ARPHRD_ type for the device (to help you interpret the 
> sender address, presumably.  If that supplies enough information, you could use that.
>    

That would require throwing away too much useful information.

Darren

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.