Re: gencode.c

[Xiaochun Lu <xiaoclu () gmail com>]

Hi, Guy:


On Thu, Nov 4, 2010 at 4:03 PM, Guy Harris <guy () alum mit edu> wrote:
> On Nov 4, 2010, at 12:40 PM, Xiaochun Lu wrote:
>
> yes, my git version is 1.2.0-PRE-GIT.
> xcrp is a regular network device. The problem is that it  is not
> supported by libpcap yet. I add DLT value for xcrp by myself.
>
> Don't do that.  If you chose some value other than DLT_USER0/LINKTYPE_USER0
> through DLT_USER15/LINKTYPE_USER15 for it, at some point in the future,
> there is a significant chance that the tcpdump.org developers will assign
> some other DLT_/LINKTYPE_ the same numerical value (and the closer the value
> you chose is to the current maximum value, the closer that point in the
> future moves to the present), at which point, if you're maintaining your own
> version of Wireshark, doing so will be harder, as the standard version of
> Wireshark might interpret that DLT_/LINKTYPE_ value as being for something
> other than xcrp packets.
> If you only plan to use that link-layer type in your organization (company,
> company department, university lab, government lab, personal hobby, etc.),
> then you should use one of the DLT_USERn types, and maintain your own
> modified versions of libpcap and Wireshark; no version of libpcap will
> *EVER* use DLT_USERn values itself, and no version of Wireshark will ever
> use the corresponding WTAP_ENCAP_USERn values itself.
> If you plan to use that link-layer type outside your organization, you
> should request that tcpdump.org assign you a DLT_ value; to request a DLT_
> value, send an email to tcpdump-workers () tcpdump org.  In that mail, if the
> link-layer header format is specified by a standard (for example, IEEE 802
> networks), specify the standard; if it's not specified by a standard - this
> includes a header that is based on a standard but doesn't conform to the
> standard because, for example, it adds extra padding to the header - then
> describe the header in detail.
XCRP act as multiplexer between layer 2 and  layer3. It is not a
standard interface.
I guess it will be difficult to get DLT_value from tcpdump.org.
Using DLT_USERn fits my need too.

> Right now,  I can  capture packets without capture filter. Then  I can
> apply read filter when read it out from pcap file. seems to me that I
> need add
> some special code for DLT_XCRP  in gen_linktype(protol).
>
> If you don't care whether you can use a capture filter with your link-layer
> type, then add to gen_linktype() a case statement such as
> case DLT_XCRP:
> bpf_error("XCRP link-layer type filtering not implemented");
> before the
>         /*
>          * All the types that have no encapsulation should either be
>          * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
>          * all packets are IP packets, or should be handled in some
>          * special case, if none of them are (if some are and some
>          * aren't, the lack of encapsulation is a problem, as we'd
>          * have to find some other way of determining the packet type).
>          *
>          * Therefore, if "off_linktype" is -1, there's an error.
>          */
>         if (off_linktype == (u_int)-1)
>                 abort();
>
> code (which is probably the code that's calling abort()).
> If you *do* care, you'll have to add some more code to libpcap; you should
> probably ask about that on tcpdump-workers () tcpdump org.
I will do it.


Thanks

shawn___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe