tcpdump mailing list archives
Re: Printing PPI packets
From: Guy Harris <guy () alum mit edu>
Date: Thu, 5 May 2011 11:16:08 -0700
On May 5, 2011, at 11:07 AM, Darren Reed wrote:
There are also libpcap issues here that need to be resolved. At present, using any filter with a PPI device fails to match any packet that doesn't have a DLT of DLT_IEEE802_11.
...which is one of the things wrong with PPI. pcap-ng makes the link-layer type part of the record header, rather than part of the record data, so you don't have to special-case the filtering routine (so that, for PPI, the filter routine would pull the link-layer type out and run different filter programs based on the link-layer type) or have the BPF compiler generate, for PPI, code that switches off the link-layer type and includes code to do the filtering for all possible link-layer types. pcap-ng, and the first of those strategies for PPI, would require a routine that sets the filter on a pcap_t to a string, so that code can be generated while reading the savefile as each link-layer type is discovered (unless you generate code for every possible link-layer type and stash it away "just in case", but even that requires a different API).- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Printing PPI packets Darren Reed (Apr 08)
- Re: Printing PPI packets Michael Richardson (May 04)
- Re: Printing PPI packets Darren Reed (May 05)
- Re: Printing PPI packets Guy Harris (May 05)
- Re: Printing PPI packets Darren Reed (May 05)
- Re: Printing PPI packets Guy Harris (May 05)
- Re: Printing PPI packets Darren Reed (May 05)
- Re: Printing PPI packets Guy Harris (May 05)
- Re: Printing PPI packets Darren Reed (May 05)
- Re: Printing PPI packets Guy Harris (May 05)
- Re: Printing PPI packets Guy Harris (May 05)
- Re: Printing PPI packets Darren Reed (May 05)
- Re: Printing PPI packets Guy Harris (May 05)
- Re: Printing PPI packets Darren Reed (May 05)
- Re: Printing PPI packets Michael Richardson (May 04)