tcpdump mailing list archives

Re: Re: -e vs. -x, revisited

From: Andrew Brown <atatat () atatdot net>
Date: Tue, 17 Dec 2002 15:57:27 -0500

actually, it oughta be simpler than you think.  provided that all the
functions that may end up being returned from lookup_printer() set
packetp and snapend (as it seems they do), then one could simply
change default_print_unaligned as follows:


Unfortunately, they don't all set "packetp" to the right value - to
quote the comment that appears in many print-XXX.c files:

      /*
       * Actually, the only printers that use packetp are print-arp.c
       * and print-bootp.c, and they assume that packetp points to an
       * Ethernet header.  The right thing to do is to fix them to know
       * which link type is in use when they excavate. XXX
       */

The claim in question is not, in fact, true of "print-arp.c", but it is
...


well...drat!

okay...how about if instead of

        } else {
                printer = lookup_printer(pcap_datalink(pd));
                pcap_userdata = 0;
        }

we had something like

        } else {
                printer = generic_printer(pcap_datalink(pd));
                pcap_userdata = 0;
        }

and

void
generic_printer(u_char *user _U_, const struct pcap_pkthdr *h, const u_char *p)
{
        static pcap_handler dlt_printer = NULL;

        if (dlt_handler == NULL)
                dlt_handler = generic_printer(pcap_datalink(pd));
        packet_start = p;
        packet_len = h->caplen;

        (*dlt_printer)(_U_, h, p);

        /* handle -x here? */
}

the framework is all there to stuff another slim layer in between the
per-dlt printer and the pcap library.  the only tricky bit might be
for those dlt printers that do the -x output by default.  we don't
need two copies printed.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
werdna () squooshy com       * "information is power -- share the wealth."
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

Re: New APIs to support multiple DLT_'s on an interface, (continued)
- - - Re: New APIs to support multiple DLT_'s on an interface Guy Harris (Dec 16)
    - Re: New APIs to support multiple DLT_'s on an interface Andrew Brown (Dec 16)
    - Re: New APIs to support multiple DLT_'s on an interface Andrew Brown (Dec 16)
    - Re: New APIs to support multiple DLT_'s on an interface Guy Harris (Dec 17)
    - Re: New APIs to support multiple DLT_'s on an interface Andrew Brown (Dec 17)
    - Re: New APIs to support multiple DLT_'s on an interface David Young (Dec 16)
    - Re: New APIs to support multiple DLT_'s on an interface Guy Harris (Dec 16)
    - -e vs. -x, revisited Guy Harris (Dec 17)
    - Re: -e vs. -x, revisited Andrew Brown (Dec 17)
    - Re: Re: -e vs. -x, revisited Guy Harris (Dec 17)
    - Re: Re: -e vs. -x, revisited Andrew Brown (Dec 17)
    - Re: Re: -e vs. -x, revisited Guy Harris (Dec 18)
    - Re: Re: -e vs. -x, revisited Andrew Brown (Dec 18)
    - Re: Re: -e vs. -x, revisited Guy Harris (Dec 18)
    - Re: Re: -e vs. -x, revisited Andrew Brown (Dec 18)
    - Re: Re: -e vs. -x, revisited Guy Harris (Dec 18)
    - Re: Re: -e vs. -x, revisited Michael Richardson (Dec 18)
    - Re: Re: -e vs. -x, revisited Guy Harris (Dec 19)
    - Re: -e vs. -x, revisited Guy Harris (Dec 18)
    - Re: -e vs. -x, revisited Andrew Brown (Dec 18)
    - Re: -e vs. -x, revisited Guy Harris (Dec 19)

(Thread continues...)