Wireshark mailing list archives
Re: Custom link layer type for logging additional data
From: Guy Harris <guy () alum mit edu>
Date: Wed, 26 Nov 2014 23:21:02 -0800
On Nov 26, 2014, at 8:18 PM, Anil <anilkumar911 () gmail com> wrote:
> Hi, During packet capture, I want to log additional data other than what's in the ethernet packet and the per packet pcap header. So, I have created a custom header and am logging additional information into this. I have modified pcap_to_wtap_map[] to add another mapping to add another link type.

And you registered the LINKTYPE_ value that you're using as an index into that array with tcpdump-workers () lists tcpdump org, right? As the comment before that array says:

    /*
     * Map link-layer header types (LINKTYPE_ values) to Wiretap encapsulations.
     *
     * Either LBL NRG wasn't an adequate central registry (e.g., because of
     * the slow rate of releases from them), or nobody bothered using them
     * as a central registry, as many different groups have patched libpcap
     * (and BPF, on the BSDs) to add new encapsulation types, and have ended
     * up using the same DLT_ values for different encapsulation types.
     *
     * The Tcpdump Group now maintains the list of link-layer header types;
     * they introduced a separate namespace of LINKTYPE_ values for the
     * values to be used in capture files, and have libpcap map between
     * those values in capture file headers and the DLT_ values that the
     * pcap_datalink() and pcap_open_dead() APIs use.  See
     * http://www.tcpdump.org/linktypes.html for a list of LINKTYPE_ values.
     *
     * In most cases, the corresponding LINKTYPE_ and DLT_ values are the
     * same.  In the cases where the same link-layer header type was given
     * different values in different OSes, a new LINKTYPE_ value was defined,
     * different from all of the existing DLT_ values.
     *
     * This table maps LINKTYPE_ values to the corresponding Wiretap
     * encapsulation.  For cases where multiple DLT_ values were in use,
     * it also checks what <pcap.h> defines to determine how to interpret
     * them, so that if a file was written by a version of libpcap prior
     * to the introduction of the LINKTYPE_ values, and has a DLT_ value
     * from the OS on which it was written rather than a LINKTYPE_ value
     * as its linktype value in the file header, we map the numerical
     * DLT_ value, as interpreted by the libpcap with which we're building
     * Wireshark/Wiretap interprets them (which, if it doesn't support
     * them at all, means we don't support them either - any capture files
     * using them are foreign, and we don't hazard a guess as to which
     * platform they came from; we could, I guess, choose the most likely
     * platform), to the corresponding Wiretap encapsulation.
     *
     * Note: if you need a new encapsulation type for libpcap files, do
     * *N*O*T* use *ANY* of the values listed here!  I.e., do *NOT*
     * add a new encapsulation type by changing an existing entry;
     * leave the existing entries alone.
     *
     * Instead, send mail to tcpdump-workers () lists tcpdump org, asking for
     * a new LINKTYPE_/DLT_ value, and specifying the purpose of the new
     * value.  When you get the new LINKTYPE_/DLT_ value, use that numerical
     * value in the "linktype_value" field of "pcap_to_wtap_map[]".
     */

If you do not request a value from tcpdump-workers () lists tcpdump org, but instead choose your own value, none of your changes to Wireshark adding that value will ever be accepted. You ***MUST*** first get an official value.
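The quoted comment refers to the linktype value stored in the capture file header. As an added example (not part of the original message and not Wireshark or libpcap code), the C below reads that value from a 24-byte pcap file header in either byte order and reports whether it falls in the LINKTYPE_USER0 to LINKTYPE_USER15 private-use range (147 to 162), a range the message itself does not mention. The function names and the sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* LINKTYPE_USER0..LINKTYPE_USER15: the range set aside for private use. */
#define LINKTYPE_USER0  147
#define LINKTYPE_USER15 162

/* Constructed sample file headers (24 bytes each), not from a real capture. */
static const uint8_t sample_le_ethernet[24] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x01,0x00,0x00,0x00 };   /* little-endian, linktype 1 */
static const uint8_t sample_be_user0[24] = {
    0xa1,0xb2,0xc3,0xd4, 0x00,0x02,0x00,0x04, 0,0,0,0, 0,0,0,0,
    0x00,0x00,0xff,0xff, 0x00,0x00,0x00,0x93 };   /* big-endian, linktype 147 */

static uint32_t rd32(const uint8_t *p, int be)
{
    return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
              : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Return the link-type value from a pcap file header, or -1 if it is not one. */
int pcap_header_linktype(const uint8_t *hdr, size_t len)
{
    if (hdr == NULL || len < 24)
        return -1;                      /* truncated: no complete file header */
    uint32_t magic = rd32(hdr, 1);      /* magic as the bytes appear in the file */
    int big_endian = (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du);
    if (!big_endian && magic != 0xd4c3b2a1u && magic != 0x4d3cb2a1u)
        return -1;                      /* not a pcap magic number */
    /* Field at offset 20; this example keeps the low 16 bits as the link type. */
    return (int)(rd32(hdr + 20, big_endian) & 0xffffu);
}

/* 1 if the value is in the private-use range, 0 otherwise. */
int linktype_is_private_use(int lt)
{
    return lt >= LINKTYPE_USER0 && lt <= LINKTYPE_USER15;
}

int main(void)
{
    int lt = pcap_header_linktype(sample_be_user0, sizeof sample_be_user0);
    printf("linktype %d, private use: %d\n", lt, linktype_is_private_use(lt));
    return 0;
}
```

A file whose link type is in the private-use range has no globally agreed meaning, so it can only be interpreted with knowledge of the tool that wrote it.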