tcpdump mailing list archives

Re: question on DLT_ types


From: Guy Harris <guy () alum mit edu>
Date: Fri, 26 Mar 2004 12:55:35 -0800


On Mar 25, 2004, at 12:00 PM, alex medvedev wrote:

> how do the DLT_ types get assigned?
> is there some "central authority" that does it?

Yes. If somebody wants a new DLT_ value, they should ask tcpdump.org for it.

> or are they arbitrarily assigned and therefore different between
> platforms (e.g. AIX with its IFT_ types).

Historically, that did happen, although AIX is somewhat of a special case - they just started from scratch and made something that's source-level incompatible for programs using libpcap (nanosecond vs. microsecond time resolution) *AND* incompatible at the capture file level (time resolution *and* link-layer type).

The DLT_ values in the range DLT_NULL through DLT_FDDI are, as far as I know, the same on all platforms (except perhaps for AIX); those were probably the ones used in early versions of BPF and libpcap.

Some of the other values in the range 11 through 98 have been used for different purposes on different platforms.

We picked 100 as the base for the new range of values, and those are *probably* the same on all platforms (modulo some problems with the PFLOG type in OpenBSD - they originally picked 17, which collided with DLT_LANE8023 in SuSE 6.3, and later changed the encapsulation and, somewhere along the line, also switched out our value of 117 - and 127 originally having been reserved for the Absolute Value Systems 802.11 "radio header", but not, as far as I know, ever used for that, and later being assigned to the BSD radiotap 802.11 "radio header" with the AVS header now having 163 reserved for it).

We obviously can't control who uses non-standard DLT_ values, but people *do* seem to be asking us for values (perhaps thanks, in part, to the rather emphatic comments I put into pcap-bpf.h, savefile.c, and Ethereal's wiretap/libpcap.c).

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
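
A triage check built on the ranges in the message above, as an added example that is not part of the original post or of libpcap: it reads the link-layer type from a classic pcap file header and flags values in the 11 through 98 range, whose meaning depends on the platform that wrote the file. The function names, bucket labels and sample headers are constructed for illustration.

```python
import struct

# Classic pcap magic as it appears on disk -> (struct byte order, timestamp unit).
# 0xa1b2c3d4 is the microsecond magic, 0xa1b23c4d libpcap's nanosecond magic.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "usec"),
    b"\xa1\xb2\xc3\xd4": (">", "usec"),
    b"\x4d\x3c\xb2\xa1": ("<", "nsec"),
    b"\xa1\xb2\x3c\x4d": (">", "nsec"),
}
DLT_NULL, DLT_FDDI = 0, 10  # ends of the range the message calls consistent


def classify_linktype(value):
    """Bucket a link-layer type by the ranges described in the message."""
    if DLT_NULL <= value <= DLT_FDDI:
        return "stable"
    if 11 <= value <= 98:
        return "platform-dependent"  # meaning depends on the writing platform
    if value >= 100:
        return "tcpdump.org-range"
    return "unclassified"  # the message says nothing about this value


def read_pcap_header(data):
    """Parse the 24-byte pcap file header and classify its link-layer type."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file header")
    order, unit = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return {"version": (major, minor), "timestamps": unit, "snaplen": snaplen,
            "linktype": linktype, "stability": classify_linktype(linktype)}


def build_header(linktype, order="<"):
    """Constructed sample input: a version 2.4 header with the given type."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)


if __name__ == "__main__":
    for lt, order in ((1, "<"), (17, ">"), (127, "<")):
        print(read_pcap_header(build_header(lt, order)))
```

A file that lands in the "platform-dependent" bucket needs the writing platform identified before its packets are dissected, since the same number may name different encapsulations.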

