Wireshark mailing list archives

Re: Calling MAC-LTE dissctor from lua dissector on the rest of te data

From: Guy Harris <guy () alum mit edu>
Date: Sun, 8 Apr 2012 19:38:54 -0700


On Apr 8, 2012, at 1:17 PM, Martin Mathieson wrote:

I would like to do this.  Looking at the other definitions in http://www.tcpdump.org/linktypes.html, they have quite 
formal specifications, so I'm wondering what I would need to do first.

Really all we have is the description in 
http://anonsvn.wireshark.org/wireshark/trunk/epan/dissectors/packet-mac-lte.h (and the function 
dissect_mac_lte_context_fields(), and the example program for encoding a file of this format 
(http://www.wireshark.org/~martinm/mac_pcap_sample_code.c).  There are some existing parameters in the struct 
mac_lte_info that you can't currently set using this framing method - these are optional fields that could be added 
later if someone wanted them.  And it is always possible we'd want to add more (probably optional) fields that aren't 
yet in mac_lte_info.


If you want to be able to add optional fields, make sure that the header is extensible in some fashion, so that, if the 
fields are added, the existing code that handles that pseudo-header will be able to handle the new header (even if it 
just ignores the additional fields) and so that code updated to handle the new fields can still handle files with the 
old header that lacks those fields.

What would you recommend I submit?  The header file is the ultimate authority...


...but it's less useful if the code to process the pseudo-header isn't going to be written in C.

My goals with http://www.tcpdump.org/linktypes.html and the pages under http://www.tcpdump.org/linktypes to which it 
links are to:

        allow arbitrary applications that process pcap or pcap-ng captures to be extended to handle link-layer header 
types that they don't already handle (i.e., those pages are not supposed to be tcpdump-specific or Wireshark-specific 
or even application-written-in-a-derivative-of-C-specific);

        ensure that the header format won't ever change in a way that would either render old captures not processable 
by newer code or require a preference setting to control which version of the header format is used.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Re: Calling MAC-LTE dissctor from lua dissector on the rest of te data Guy Harris (Apr 05)
- Re: Calling MAC-LTE dissctor from lua dissector on the rest of te data Martin Mathieson (Apr 08)
  - Re: Calling MAC-LTE dissctor from lua dissector on the rest of te data Guy Harris (Apr 08)