tcpdump mailing list archives

Re: Request for new DLT for RFTAP


From: Guy Harris <guy () alum mit edu>
Date: Wed, 31 Aug 2016 12:00:09 -0700

On Aug 31, 2016, at 11:49 AM, Jonathan Brucker <jonathan.brucke () gmail com> wrote:

On Wed, Aug 31, 2016 at 6:27 PM, Guy Harris <guy () alum mit edu> wrote:
On Aug 31, 2016, at 11:03 AM, Jonathan Brucker <jonathan.brucke () gmail com> wrote:

RFtap is here to bridge this gap, for all protocols.

That's exactly why I don't like its current design!

Can we please kill off the idea of meta-data headers that contain link-layer header types, so that you have a 
LINKTYPE_/DLT_ value where the packet payload could have extremely different protocol link-layer header types, now 
and forever?

Now, if you want to provide the *measured* information in a protocol-independent fashion, a better way, that doesn't 
have the "LINKTYPE_ value says nothing whatsoever about the actual link-layer protocol" problem, we could have 
*multiple* LINKTYPE_ values, for "RFtap followed by Radiotap followed by 802.11" and "RFtap followed by GSMTAP 
followed by GSMTAP payload" and so on.

We could split the 32-bit value of LINKTYPE

It's a 16-bit value in pcapng:

http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.4.2

so you don't have 32 bits to use.

The cross section of BPF users and RFtap users may be empty.
RFtap is more oriented towards higher-level tools such as Wireshark
and Scapy.

You are aware that Wireshark, at least, uses libpcap/WinPcap to capture, and therefore uses BPF when capturing?  I'm 
not sure about Scapy, but it might support libpcap filters as well.

Sure, I meant users that actually use the *filters* in BPF. For higher
level tools, BPF is mostly used just as a conduit, with a filter to
accept all packets.
For RFtap, the filtering is expected to be done mostly using Wireshark
dissectors or Scapy dissectors.

Actually, the Wireshark developers expect people to do libpcap-layer filtering when using Wireshark, and often 
recommend doing it.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
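To make the "it's a 16-bit value in pcapng" point concrete, here is an added example (not code from the thread, libpcap, or the RFtap project) that builds and parses a minimal pcapng Interface Description Block with Python's struct module; it assumes the IDB layout from the pcapng draft linked above and uses LINKTYPE_IEEE802_11_RADIOTAP (127) as the sample link type.

```python
import struct

# pcapng Interface Description Block (IDB), per the draft linked in the thread:
#   Block Type (4 bytes) = 0x00000001
#   Block Total Length (4 bytes)
#   LinkType (2 bytes)   <- 16 bits, unlike the 32-bit field in classic pcap
#   Reserved (2 bytes)
#   SnapLen (4 bytes)
#   Options (variable, omitted here)
#   Block Total Length (4 bytes, repeated)
IDB_BLOCK_TYPE = 0x00000001
IDB_MIN_LEN = 20  # two lengths, block type, LinkType, Reserved, SnapLen

def build_idb(link_type, snaplen, little_endian=True):
    """Return the bytes of a minimal IDB with no options.

    struct raises struct.error for a link_type outside 0..65535, which is the
    constraint the thread raises against splitting a 32-bit LINKTYPE_ value.
    """
    e = "<" if little_endian else ">"
    body = struct.pack(e + "HHI", link_type, 0, snaplen)
    total = 4 + 4 + len(body) + 4
    return struct.pack(e + "II", IDB_BLOCK_TYPE, total) + body + struct.pack(e + "I", total)

def parse_idb(blob, little_endian=True):
    """Parse a single IDB; length and trailer checks guard against malformed input."""
    e = "<" if little_endian else ">"
    if len(blob) < IDB_MIN_LEN:
        raise ValueError("truncated IDB")
    block_type, total = struct.unpack_from(e + "II", blob, 0)
    if block_type != IDB_BLOCK_TYPE:
        raise ValueError("not an IDB")
    if total != len(blob) or total < IDB_MIN_LEN or total % 4:
        raise ValueError("bad block length")
    link_type, _reserved, snaplen = struct.unpack_from(e + "HHI", blob, 8)
    (trailer,) = struct.unpack_from(e + "I", blob, total - 4)
    if trailer != total:
        raise ValueError("trailing length mismatch")
    return {"link_type": link_type, "snaplen": snaplen}

def link_type_fits(value):
    """True if value can be stored in the IDB's 16-bit LinkType field."""
    try:
        build_idb(value, 65535)
        return True
    except struct.error:
        return False

if __name__ == "__main__":
    # LINKTYPE_IEEE802_11_RADIOTAP is 127; a 32-bit split such as 0x10000 does not fit.
    print(parse_idb(build_idb(127, 65535)), link_type_fits(127), link_type_fits(0x10000))
```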