tcpdump mailing list archives
Re: Reserving a libpcap DLT value
From: Hannes Gredler <hannes () juniper net>
Date: Wed, 9 Oct 2002 08:50:03 +0200
On Tue, Oct 08, 2002 at 08:02:23PM -0700, Kent Dahlgren wrote:
| Guy
|
| The goal here is to de-couple the requirement for coordination between
| libpcap and Ethereal. From what I have seen in the Ethereal comments
| it hasn't worked well, and the situation will only get worse. The number
| of transports will grow dramatically as the use of switched interconnect
| technology increases.
|
| The approach that I have suggested is simple.
|
| 1) A libpcap file is generated by whatever tool the user wants.
| This includes specialized tools that grab packet streams from
| specialized interfaces like the NPF Streaming Interface. All they
| have to do is make the data link type = DLT_NAMED, and set
| the dlt_name string to "dissector_name".
|
| 2) Ethereal loads the file and starts decoding it with a dissector
| whose PROTOABBREV = dissector_name.

kent,
ok now i get it; - IMHO you should not attempt to change the generic packet header;
perhaps the easiest way [and to fix that once and for all for the future] is to create a
vendor_private DLT type that follows a TLV orientation and hence is
easily extensible without coordination efforts;
with "private" i do not necessarily mean "closed" but extensible; one of the flaws
of libpcap format is that it is not extensible i.e. depends on well-known types;

struct pcap_file_header {
        bpf_u_int32 magic;
        u_short version_major;
        u_short version_minor;
        bpf_int32 thiszone;     /* gmt to local correction */
        bpf_u_int32 sigfigs;    /* accuracy of timestamps */
        bpf_u_int32 snaplen;    /* max length saved portion of each pkt */
        bpf_u_int32 linktype;   /* data link type (LINKTYPE_*) */
};
is kept as is;

struct pcap_pkthdr {
        struct timeval ts;      /* time stamp */
        bpf_u_int32 caplen;     /* length of portion present */
        bpf_u_int32 len;        /* length this packet (off wire) */
};
is kept as is;

a new structure called pcap_dlt_private_hdr will be created and each piece of information
following will be prepended by this structure;

struct pcap_dlt_private_hdr {
        u_char oui[3];          /* vendor OUI - 0 for public */
        u_char type[2];         /* typecode */
        u_char length[2];       /* length */
};

for the OID 0 there are a few well-known types
like:
#1 packet_payload
#2 dlt_name
#3 private_linktype
#4 direction

| So I have two questions:
|
| 1) how do I get "DLT_NAMED" reserved in libpcap?
pick a free one - bpf/net/bph.h shows you the actual list;
| 2) Who do I coordinate with to get the DLT_NAMED
| extensions that I am working on in Ethereal 0.97
| integrated into the next release?
well, submit a patch to the tcpdump-workers list and wait for discussion/commit;
/hannes
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
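
A reader for the TLV layout proposed in the message above, as an added example that is not part of the original post or of libpcap: it walks the records inside one captured packet and rejects any record whose length field runs past the captured bytes, which is the check a dissector of an extensible format has to make before trusting file contents. The byte order (big-endian), the meaning of `length` (value bytes only) and the names `tlv_next`, `tlv_walk`, `sample_ok` and `sample_bad` are assumptions; the message does not specify them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLV_HDR_LEN 7                               /* oui[3] + type[2] + length[2] */
enum { TLV_PACKET_PAYLOAD = 1, TLV_DLT_NAME = 2 };  /* type codes from the message */
struct tlv { uint32_t oui; uint16_t type, length; const uint8_t *value; };

/* Constructed samples: dlt_name "foo", one vendor record, a 4-byte payload;
 * and a record whose length field (16) exceeds the 2 bytes actually present. */
static const uint8_t sample_ok[] = {
    0, 0, 0,          0, 2,  0, 3,  'f', 'o', 'o',
    0xAA, 0xBB, 0xCC, 0, 9,  0, 1,  0x01,
    0, 0, 0,          0, 1,  0, 4,  0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_bad[] = { 0, 0, 0,  0, 1,  0, 16,  0xde, 0xad };

/* Parse one record at buf[*off] and advance *off. Returns 0, or -1 if the
 * header or the declared value length would run past the captured bytes. */
static int tlv_next(const uint8_t *buf, size_t caplen, size_t *off, struct tlv *out)
{
    if (*off > caplen || caplen - *off < TLV_HDR_LEN) return -1;
    const uint8_t *p = buf + *off;
    out->oui    = (uint32_t)p[0] << 16 | (uint32_t)p[1] << 8 | p[2];
    out->type   = (uint16_t)(p[3] << 8 | p[4]);   /* assumed big-endian */
    out->length = (uint16_t)(p[5] << 8 | p[6]);   /* assumed: value bytes only */
    if (caplen - *off - TLV_HDR_LEN < out->length) return -1;
    out->value = p + TLV_HDR_LEN;
    *off += TLV_HDR_LEN + (size_t)out->length;
    return 0;
}

/* Walk all records in one packet: copy dlt_name into name (NUL-terminated),
 * point *payload into buf, skip unknown records. Returns count, -1 if malformed. */
static int tlv_walk(const uint8_t *buf, size_t caplen, char *name, size_t namesz,
                    const uint8_t **payload, size_t *payload_len)
{
    size_t off = 0; int n = 0; struct tlv t;
    if (namesz == 0) return -1;
    name[0] = '\0'; *payload = NULL; *payload_len = 0;
    while (off < caplen) {
        if (tlv_next(buf, caplen, &off, &t) != 0) return -1;
        n++;
        if (t.oui != 0) continue;                 /* vendor-private: not ours */
        if (t.type == TLV_DLT_NAME) {
            if (t.length >= namesz) return -1;    /* no room for the NUL */
            memcpy(name, t.value, t.length); name[t.length] = '\0';
        } else if (t.type == TLV_PACKET_PAYLOAD) {
            *payload = t.value; *payload_len = t.length;
        }
    }
    return n;
}
```

Here `caplen` is the value from `pcap_pkthdr`, so a record can never claim more bytes than the capture actually holds.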
