tcpdump mailing list archives

Re: Request for new DLT


From: Michael Richardson <mcr () sandelman ca>
Date: Thu, 27 Jun 2013 19:51:09 -0400


Anders Broman <anders.broman () ericsson com> wrote:
    > Currently there are two tags defined to indicate which protocol the
    > packet block starts with:
    > #define EXP_PDU_TAG_LINKTYPE          11 /**< The value part is the linktype value defined by tcpdump
    > * http://www.tcpdump.org/linktypes.html
    > */
    > #define EXP_PDU_TAG_PROTO_NAME        12 /**< The value part should be
    >    an ASCII non NULL terminated string
    > * of the short protocol name used by Wireshark e.g "sip"
    > * Will be used to call the next dissector.
    > */
    > The Wireshark implementation currently only uses EXP_PDU_TAG_PROTO_NAME.
    > Is this good enough?

Seems good enough to me.
Is there a stable reference in the wireshark tree/doc/etc. I can point
to?

How does this sound:

/*
 * DLT type for upper-protocol layer PDU saves from wireshark.
 *
 * the actual contents are determined by two TAGs stored with each
 * packet:
 *   EXP_PDU_TAG_LINKTYPE          the link type (DLT value) of the
 *                                 original packet.
 *
 *   EXP_PDU_TAG_PROTO_NAME        the name of the wireshark dissector
 *                                 that can make sense of the data stored.
 */
#define DLT_WIRESHARK_UPPER_PDU 252

Code should be on github in... there:
https://github.com/the-tcpdump-group/libpcap/commit/e65639c26a00397703102861466473c24181b47c

please fork/edit with more info, and let us know how it works.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [
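
Added example, not part of the original message and not libpcap or Wireshark code: a bounds-checked C walker for the tag area that precedes the payload of each DLT_WIRESHARK_UPPER_PDU record, since capture files are untrusted input. Assumptions not stated in the message: each tag is a 2-byte tag plus a 2-byte length in network byte order followed by the value, tag 0 (named EXP_PDU_TAG_END_OF_OPT here) ends the tag area, the linktype value is 4 bytes big-endian, and the names parse_upper_pdu, struct upper_pdu and sample_record are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EXP_PDU_TAG_END_OF_OPT  0   /* assumption: terminator tag, not in the message */
#define EXP_PDU_TAG_LINKTYPE    11  /* from the quoted message */
#define EXP_PDU_TAG_PROTO_NAME  12  /* from the quoted message */

struct upper_pdu {
    int      has_linktype;
    uint32_t linktype;        /* DLT value of the original packet */
    char     proto_name[32];  /* NUL-terminated copy; the wire value is not */
    size_t   payload_off;     /* where the PDU starts, after the tag area */
};

/* Constructed sample record: PROTO_NAME "sip" padded to 4 bytes, end tag, payload. */
static const uint8_t sample_record[] = {
    0x00, 0x0c, 0x00, 0x04, 's', 'i', 'p', 0x00,
    0x00, 0x00, 0x00, 0x00, 'I', 'N', 'V', 'I', 'T', 'E'
};

static uint32_t rd_be(const uint8_t *p, size_t n)
{
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Walk the tag area. Returns 0 on success, -1 if it is truncated or malformed. */
int parse_upper_pdu(const uint8_t *buf, size_t len, struct upper_pdu *out)
{
    size_t off = 0;                              /* invariant: off <= len */
    memset(out, 0, sizeof(*out));
    for (;;) {
        if (len - off < 4) return -1;            /* no room for tag + length */
        uint32_t tag  = rd_be(buf + off, 2);
        size_t   vlen = rd_be(buf + off + 2, 2);
        off += 4;
        if (vlen > len - off) return -1;         /* value runs past the record */
        if (tag == EXP_PDU_TAG_END_OF_OPT) { out->payload_off = off + vlen; return 0; }
        if (tag == EXP_PDU_TAG_PROTO_NAME) {
            if (vlen >= sizeof(out->proto_name)) return -1;  /* oversize name */
            memcpy(out->proto_name, buf + off, vlen);
            out->proto_name[vlen] = '\0';        /* terminate our copy */
        } else if (tag == EXP_PDU_TAG_LINKTYPE) {
            if (vlen != 4) return -1;            /* assumption: 4-byte big-endian DLT */
            out->linktype = rd_be(buf + off, 4);
            out->has_linktype = 1;
        }
        off += vlen;                             /* unknown tags are skipped */
    }
}
```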

