tcpdump mailing list archives

Re: Is any work going on to improve the pcap format so we have multiple link-types per capture?


From: Richard Sharpe <rsharpe () richardsharpe com>
Date: Tue, 10 Jun 2003 11:40:49 -0700 (PDT)

On Tue, 10 Jun 2003, Hannes Gredler wrote:

On Tue, Jun 10, 2003 at 09:18:55AM -0700, Richard Sharpe wrote:

| #define DLT_VAR_LINKTYPE 0xFFFF
| /*
|  * And here is the pkt_hdr_var structure
|  * Note that after the linktype, everything looks like a normal libpcap
|  * format pkthdr structure ...
|  */
| struct pcap_hdr_encap {
|   bpf_u_int32 linktype;
|   struct pcap_pkthdr hdr;
| }; 

richard,

what was the purpose of the COMMENT_DLT_ again ?

This allows us to add textual comments to packet traces for all sorts of 
reasons, including annotations, pedagogical, etc.
 
the DLT_VAR_LINKTYPE looks simple and hence great - 
not that anybody would care but you have got my voice ;-)

/hannes




-- 
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
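
A bounds-checked reader for the per-packet record layout proposed in this message, added here as an illustration; it is not code from the thread or from libpcap. Assumptions: each record on disk is a 32-bit link type followed by the classic 16-byte record header (seconds, microseconds, caplen, len) in host byte order, and the names `var_rec`, `next_var_record`, `put_record`, `REC_HDR_LEN` and `MAX_CAPLEN` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DLT_VAR_LINKTYPE 0xFFFF /* file-level link type proposed in the message */
#define REC_HDR_LEN 20u         /* assumed: 32-bit linktype + 16-byte record header */
#define MAX_CAPLEN 65535u       /* assumed sanity limit on captured length */

struct var_rec {                /* decoded view of one record (hypothetical name) */
    uint32_t linktype, ts_sec, ts_usec, caplen, len; const uint8_t *data;
};

/* Read a host-order 32-bit field without alignment assumptions. */
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Parse the record at buf[*off]: 1 = ok (*off advanced), 0 = clean end,
 * -1 = truncated or implausible record. */
int next_var_record(const uint8_t *buf, size_t n, size_t *off, struct var_rec *r)
{
    if (*off == n) return 0;
    if (*off > n || n - *off < REC_HDR_LEN) return -1;   /* truncated header */
    const uint8_t *p = buf + *off;
    r->linktype = rd32(p);      r->ts_sec = rd32(p + 4);
    r->ts_usec  = rd32(p + 8);  r->caplen = rd32(p + 12);
    r->len      = rd32(p + 16);
    if (r->caplen > MAX_CAPLEN || r->caplen > r->len) return -1;
    if (r->caplen > n - *off - REC_HDR_LEN) return -1;   /* payload past end */
    r->data = p + REC_HDR_LEN;
    *off += REC_HDR_LEN + r->caplen;
    return 1;
}

/* Append one constructed sample record; returns the new buffer length. */
size_t put_record(uint8_t *buf, size_t at, uint32_t lt, uint32_t caplen, uint32_t len)
{
    uint32_t h[5] = { lt, 0, 0, caplen, len };
    memcpy(buf + at, h, sizeof h);
    memset(buf + at + REC_HDR_LEN, 0xAA, caplen);
    return at + REC_HDR_LEN + caplen;
}

int main(void)
{
    uint8_t buf[128]; struct var_rec r; size_t off = 0, n;
    n = put_record(buf, 0, 1, 14, 60);      /* constructed: link type 1 (Ethernet) */
    n = put_record(buf, n, 113, 16, 16);    /* constructed: link type 113 (Linux cooked) */
    while (next_var_record(buf, n, &off, &r) == 1)
        printf("linktype=%u caplen=%u\n", (unsigned)r.linktype, (unsigned)r.caplen);
    return 0;
}
```

Because every record now carries its own link type, the dissector is selected per packet from attacker-controllable file data, so the length checks have to pass before any link-layer decoder sees `data`.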