tcpdump mailing list archives

Re: libpcap pcap_sendpacket support across platforms.

From: Guy Harris <guy () alum mit edu>
Date: Tue, 23 Mar 2004 14:44:07 -0800


On Mar 23, 2004, at 1:06 PM, Jefferson Ogata wrote:

Michael Richardson wrote:
  okay. Can we call the next release libpcap 1.0 then?
  Anyone want to make any non-backwards compatible changes to the file
format?
A metadata packet-type would be useful. Then you could tag a file withthe pcap expression it was captured with, along with other metadata.If it's just a packet type you can drop in new metadata wherever youlike.


Yes.

My inclination would be to have the per-packet header contain:

a 32-bit interface index, for the interface on which the packetarrived;


        a time stamp;

        the captured data length;

        the actual packet length.

I suspect few, if any, machines will have more than 2^31 interfaces, soif the interface index has the uppermost bit set, it'd be a record type- the time stamp and actual packet length might or might not bemeaningful, and the captured data length would be the length of thedata in the record (so that code that doesn't know about that type ofrecord can just skip it).

If the file magic number has the uppermost bit set, the file headerwould look like a record - and if we decree that it *is* a record (withthe requirement that the first record of a file must be such a record),that could enable concatenation of captures by just concatenating files(which Michael Richardson has mentioned as a desirable goal).

There would also be records for interface properties, so that a capturewould start with the "file magic number" record and then have, beforethe first packet on an interface, a record giving interface propertiessuch as link layer header type, name, interface index, etc..

Other records could contain the filter expression, comments, packetdrop statistics, etc..


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

libpcap pcap_sendpacket support across plaatforms. Mark Pizzolato (Mar 12)
- Re: libpcap pcap_sendpacket support across plaatforms. Guy Harris (Mar 12)
  - Re: libpcap pcap_sendpacket support across platforms. Mark Pizzolato (Mar 13)
    - Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Michael Richardson (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Jefferson Ogata (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
    - Message not available
    - Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Michael Richardson (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Richard Sharpe (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Michael Richardson (Mar 23)
    - Message not available
    - Message not available
    - Message not available
    - Re: libpcap pcap_sendpacket support across platforms. Ste Jones (Mar 26)
    - Re: libpcap pcap_sendpacket support across platforms. Stephen Donnelly (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Stephen Donnelly (Mar 23)
    - Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)

(Thread continues...)