tcpdump mailing list archives
Re: Re: -e vs. -x, revisited
From: Andrew Brown <atatat () atatdot net>
Date: Wed, 18 Dec 2002 09:45:41 -0500
actually, it oughta be simpler than you think. provided that all the functions that may end up being returned from lookup_printer() set packetp and snapend (as it seems they do), then one could simply change default_print_unaligned as follows:Unfortunately, "default_print()" is used for other purposes - if neither "-x" nor "-q" is specified, the payload of the packet is often printed in hex if it wasn't printed by any dissector, and in that case I suspect the intent is to have it print only the payload, not the link-layer header.
i think i disagree. if i have asked to see the link layer headers, then the default_print() routine should print them. the alternative is either (a) sometimes you get them and sometimes you don't depending on whether or not the dissector printed a packet dump, or (b) sometimes you get two dumps of the packet (again, depending on the dissector).
(BTW, as per another recent discussioin, that means multi-line output even if "-v" isn't specified....)
we're already pretty much in that boat if the dissector calls default_print(), right?
It also struck me as a bit ugly to make "default_print_unaligned()" ignore its arguments, and use a global variable, if "-e" was specified - and, besides, that global variable no longer exists (I just checked in a change to get rid of "packetp").
perhaps it's a tad ugly, but it's certainly simpler. see below.
So I checked in a change to add a new "default_print_packet()" routine, which takes a pointer to the beginning of the raw packet data (*not* skipping the link-layer header), the number of bytes of raw packet data captured, and the size of the link-layer header; if "-e" is specified, it prints the raw packet data, and if it's not specified, it prints the part of the raw packet data past the link-layer header, if there is any. I also changed the "xxx_if_print()" routines to call that routine if "xflag" is set.
if (1) default_print_packet() were allowed to ignore its arguments so that it could behave "properly" as per the given flags, (2) it set a flag once called, that we could clear somewhere else, (3) a shim layer was added in between pcap and the xxx_if_print() routines, then (4) you could remove all xflag processing from all the xxx_if_print() routines. *that* sounds decidedly not ugly. -- |-----< "CODE WARRIOR" >-----| codewarrior () daemon org * "ah! i see you have the internet twofsonet () graffiti com (Andrew Brown) that goes *ping*!" werdna () squooshy com * "information is power -- share the wealth." - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Re: New APIs to support multiple DLT_'s on an interface, (continued)
- Re: New APIs to support multiple DLT_'s on an interface Andrew Brown (Dec 16)
- Re: New APIs to support multiple DLT_'s on an interface Guy Harris (Dec 17)
- Re: New APIs to support multiple DLT_'s on an interface Andrew Brown (Dec 17)
- Re: New APIs to support multiple DLT_'s on an interface David Young (Dec 16)
- Re: New APIs to support multiple DLT_'s on an interface Guy Harris (Dec 16)
- -e vs. -x, revisited Guy Harris (Dec 17)
- Re: -e vs. -x, revisited Andrew Brown (Dec 17)
- Re: Re: -e vs. -x, revisited Guy Harris (Dec 17)
- Re: Re: -e vs. -x, revisited Andrew Brown (Dec 17)
- Re: Re: -e vs. -x, revisited Guy Harris (Dec 18)
- Re: Re: -e vs. -x, revisited Andrew Brown (Dec 18)
- Re: Re: -e vs. -x, revisited Guy Harris (Dec 18)
- Re: Re: -e vs. -x, revisited Andrew Brown (Dec 18)
- Re: Re: -e vs. -x, revisited Guy Harris (Dec 18)
- Re: Re: -e vs. -x, revisited Michael Richardson (Dec 18)
- Re: Re: -e vs. -x, revisited Guy Harris (Dec 19)
- Re: -e vs. -x, revisited Guy Harris (Dec 18)
- Re: -e vs. -x, revisited Andrew Brown (Dec 18)
- Re: -e vs. -x, revisited Guy Harris (Dec 19)