tcpdump mailing list archives
Re: New official link-layer type request
From: Guy Harris <gharris () sonic net>
Date: Sat, 18 May 2019 17:27:49 -0700
On May 18, 2019, at 5:03 PM, Damir Franusic <damir.franusic () gmail com> wrote:

> And does wireshark currently support new block types and custom options in EPBs. I would need to access them in dissector plugin, that's what I'm worried about.

There are three types of blocks:

1) standard blocks - you must first register them in the pcapng spec before you use them (just as you must register new LINKTYPE_/DLT_ values before using them), and then Wireshark can be changed to allow plugins for them;

2) "local" blocks, with a block type with the high-order bit set - you don't need to register them before using them, but you also can't arrange that nobody else use the same block type value;

3) custom blocks, for which your organization needs an IANA-assigned Private Enterprise Number - Wireshark currently doesn't support them, so we would have to add custom block support.

There are three types of options:

1) standard options - you must first register them in the pcapng spec before you use them (just as you must register new LINKTYPE_/DLT_ values before using them), and then Wireshark can be changed to allow plugins for them;

2) "local" options, with an option type with the high-order bit set - you don't need to register them before using them, but you also can't arrange that nobody else use the same block type value;

3) custom options, for which your organization needs an IANA-assigned Private Enterprise Number - Wireshark currently doesn't support them, so we would have to add custom option support.

Wireshark *does* support adding plugins to the file-reading code to handle local blocks and options, and to handle those standard block and option types not already handled by Wireshark (we don't support overriding the code to handle standard block and option types that *are* handled). It also supports mapping pcapng block types to "file-type specific event" records, and registering plugin dissectors for those.

(Michael, this is the detailed answer to your question "Is wireshark modular in how it handles pcapng blocks?")
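
Added example (not part of the message above and not Wireshark or libpcap code): a reader that walks the blocks of one pcapng section, checks the length framing of each block before trusting it, and sorts block types and option codes into the three classes described above. The custom block type values (0x00000BAD, 0x40000BAD) and custom option codes (2988, 2989, 19372, 19373) are taken from the pcapng specification, not from this message; the function names, the single-section assumption and the sample bytes are constructed for illustration.

```python
import struct

SHB = 0x0A0D0D0A                           # Section Header Block (byte-order palindrome)
CUSTOM_BLOCKS = {0x00000BAD, 0x40000BAD}   # pcapng spec: copyable / non-copyable
CUSTOM_OPTIONS = {2988, 2989, 19372, 19373}

def classify_block(block_type):
    if block_type in CUSTOM_BLOCKS:
        return "custom"
    return "local" if block_type & 0x80000000 else "standard"

def classify_option(code):
    if code in CUSTOM_OPTIONS:
        return "custom"
    return "local" if code & 0x8000 else "standard"

def walk_blocks(buf):
    """Return [(type, class, PEN or None)]; raise ValueError on malformed framing."""
    end = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}.get(bytes(buf[8:12]))
    if len(buf) < 12 or struct.unpack_from("<I", buf)[0] != SHB or end is None:
        raise ValueError("no Section Header Block with a valid byte-order magic")
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 12:
            raise ValueError("truncated block header")
        btype, total = struct.unpack_from(end + "II", buf, off)
        if total < 12 or total % 4 or total > len(buf) - off:
            raise ValueError(f"bad block length {total} at offset {off}")
        if struct.unpack_from(end + "I", buf, off + total - 4)[0] != total:
            raise ValueError(f"length trailer mismatch at offset {off}")
        kind, pen = classify_block(btype), None
        if kind == "custom":               # body starts with the owner's PEN
            if total < 16:
                raise ValueError("custom block too short for a PEN")
            pen = struct.unpack_from(end + "I", buf, off + 8)[0]
        out.append((btype, kind, pen))
        off += total
    return out

def make_block(btype, body):               # helper for the constructed sample only
    body += b"\0" * (-len(body) % 4)
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

# Constructed sample: SHB, one local block, one custom block (32473 = documentation PEN)
SAMPLE = (make_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + make_block(0x80000001, b"site-local data")
          + make_block(0x00000BAD, struct.pack("<I", 32473) + b"vendor"))
```

A local block type only identifies its owner by convention, so a reader that sees one from an unknown source has no way to tell whose format the body follows; the custom block carries the PEN for exactly that reason.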