tcpdump mailing list archives

Re: Request for new DLT


From: Anders Broman <anders.broman () ericsson com>
Date: Tue, 18 Jun 2013 17:56:11 +0000

Hi,
Any chance of getting forward on this? I'm not sure what I should change/make clearer to get this request accepted. We now have another use case in Wireshark:
- Exporting decrypted packets from SSL sessions by "cutting" them off after the SSL layer and saving the file with the new DLT value the TLV:s and then the PDU:s following after the SSL layer.
Regards
Anders Broman


-----Original Message-----
From: tcpdump-workers-bounces () lists tcpdump org [mailto:tcpdump-workers-bounces () lists tcpdump org] On Behalf Of Anders Broman
Sent: den 24 maj 2013 10:59
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] Request for new DLT



-----Original Message-----
From: mcr () sandelman ca [mailto:mcr () sandelman ca] 
Sent: den 23 maj 2013 20:03
To: Anders Broman
Cc: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] Request for new DLT


"Anders" == Anders Broman <anders.broman () ericsson com> writes:
    Pascal> Anders can describe it better than me, but the format
    Pascal> intends to be versatile. It allows you to export any higher
    Pascal> level PDUs in a pcap file while maintaining some basic
    Pascal> information about the lower layers

So, how are the higher level PDUs going to be described?
that is, will you have a recursive DLT value, or what exactly?

    Pascal> (like the transport one). The current code sample in
    Pascal> Wireshark is for SIP protocol, but could be extended to any
    Pascal> protocol if there is a need. With a DLT allocated, it would
    Pascal> allow the feature to work out of  

I'd rather have it be rather specific and well defined, than loose and nebulous.  DLTs already require too much specialized knowledge to decode as it is.

I'm not sure I get the objection, do you feel that these protocol type tags aren't clear enough?
#define EXP_PDU_TAG_LINKTYPE          11 /**< The value part is the linktype value defined by tcpdump 
                                          * http://www.tcpdump.org/linktypes.html
                                          */ 
#define EXP_PDU_TAG_PROTO_NAME        12 /**< The value part should be an ASCII non NULL terminated string 
                                          * of the short protocol name used by Wireshark e.g "sip"
                                          * Will be used to call the next dissector.
                                          */
/* Add protocol type related tags here NOTE Only one protocol type tag may be present in a packet, the first one found 
will be used*/

The meta data tags are optional.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [ 
        
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
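
Added example, not part of the original message or Wireshark's own code: a bounds-checked C reader for the tag area, applying the two rules in the posted comments (the name is not NUL-terminated; only the first protocol type tag is used). The 16-bit big-endian tag and length fields, the end tag 0, the 4-byte linktype value, and the names `exp_pdu_parse` and `struct exp_pdu_info` are assumptions, since the message does not give the header layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXP_PDU_TAG_END_OF_OPT  0   /* assumption: terminator tag, not in the message */
#define EXP_PDU_TAG_LINKTYPE    11  /* from the message */
#define EXP_PDU_TAG_PROTO_NAME  12  /* from the message */

struct exp_pdu_info {
    int      type_tag;       /* 0 when no protocol type tag was found */
    uint32_t linktype;       /* set when type_tag == EXP_PDU_TAG_LINKTYPE */
    char     proto_name[32]; /* NUL-terminated copy of the on-wire name */
    size_t   pdu_offset;     /* first byte of the exported PDU */
};
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Assumed layout: 16-bit tag, 16-bit length, value; big-endian. 0 = ok, -1 = malformed. */
int exp_pdu_parse(const uint8_t *buf, size_t len, struct exp_pdu_info *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    for (;;) {
        if (len - off < 4) return -1;              /* no room for a tag header */
        uint16_t tag = rd16(buf + off), vlen = rd16(buf + off + 2);
        off += 4;
        if (vlen > len - off) return -1;           /* value runs past the buffer */
        if (tag == EXP_PDU_TAG_END_OF_OPT) { out->pdu_offset = off + vlen; return 0; }
        if (out->type_tag == 0 && tag == EXP_PDU_TAG_LINKTYPE) {
            if (vlen != 4) return -1;              /* assumption: 32-bit linktype */
            out->linktype = ((uint32_t)rd16(buf + off) << 16) | rd16(buf + off + 2);
            out->type_tag = tag;
        } else if (out->type_tag == 0 && tag == EXP_PDU_TAG_PROTO_NAME) {
            if (vlen == 0 || vlen >= sizeof out->proto_name) return -1;
            memcpy(out->proto_name, buf + off, vlen); /* memset above terminates it */
            out->type_tag = tag;
        }                                          /* later type tags, unknown tags: skipped */
        off += vlen;
    }
}
/* Constructed sample: "sip" name tag, a second type tag (ignored), end tag, PDU bytes. */
static const uint8_t sample[] = { 0,12, 0,3, 's','i','p',  0,11, 0,4, 0,0,0,1,
                                  0,0, 0,0,  'I','N','V','I','T','E' };
int main(void)
{
    struct exp_pdu_info info;
    if (exp_pdu_parse(sample, sizeof sample, &info) != 0) return 1;
    return printf("proto=%s pdu_offset=%zu\n", info.proto_name, info.pdu_offset) < 0;
}
```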