tcpdump mailing list archives

Re: Re: -e vs. -x, revisited


From: Andrew Brown <atatat () atatdot net>
Date: Wed, 18 Dec 2002 15:35:57 -0500

(BTW, as per another recent discussion, that means multi-line output
even if "-v" isn't specified....)

we're already pretty much in that boat if the dissector calls
default_print(), right?

Yes, which argues that it should do so only if "-x" was specified or
"-v" was specified.

i would argue that it's a feature that undissectable packets merely
get dumped.  that, in comparison with something that prints merely
"loopback" (like i see regularly coming from my ciscos).

if (1) default_print_packet() were allowed to ignore its arguments so
that it could behave "properly" as per the given flags, (2) it set a
flag once called, that we could clear somewhere else, (3) a shim layer
was added in between pcap and the xxx_if_print() routines, then (4)
you could remove all xflag processing from all the xxx_if_print()
routines.

If by "xflag processing" you mean checking "xflag", that could be done
*now*, without *any* of that stuff, by removing it and adding the "if
(xflag)" test to "default_print_packet()".

yes, that's what i meant.

However, if you centralize the *calls* to "default_print_packet()" in
the shim layer, it won't know how long the link-layer header is, so they
won't know how to skip it.

since the xxx_if_print() routines would need to be changed anyway (to
remove all the stuff that becomes cruft), i was going to say "i don't
see why they couldn't all be changed to set a global variable to the
requisite value", but the idea of the printer returning the link layer
header length is a better idea.

To handle that, one could have the "xxx_if_print()" routines return the
link-layer header length.  Once one's done that, however, one doesn't
need any global variables - the shim routine would look something like

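      void
      print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
      {
              /* the if_print routine returns the link-layer header length */
              u_int (*if_print)(const struct pcap_pkthdr *h, const
                  u_char *p) = (u_int (*)(const struct pcap_pkthdr *,
                  const u_char *))user;
              u_int hdrlen;

              hdrlen = (*if_print)(h, p);
              if (xflag)
                      default_print(p, h->caplen, hdrlen);
      }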

("main()" would set "pcap_userdata()" to the results of
"lookup_printer()", and set "printer" to "print_packet").

right.

Of course, once we've done *that*, we should probably then do

      void
      print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
      {
              /* the if_print routine returns the link-layer header length */
              u_int (*if_print)(const struct pcap_pkthdr *h, const
                  u_char *p) = (u_int (*)(const struct pcap_pkthdr *,
                  const u_char *))user;
              u_int hdrlen;

              ++infodelay;
              ts_print(&h->ts);

              hdrlen = (*if_print)(h, p);
              if (xflag)
                      default_print_packet(p, h->caplen, hdrlen);

              putchar('\n');

              --infodelay;
              if (infoprint)
                      info(0);
      }

and remove all that stuff from the if_print routines, centralizing that
in "print_packet()" as well.

you're just so much better at this than i am.  for now.  :)

ps - i am reminded of something else i wanted at one point...i wanted
to put *all* the dissector routines into libpcap, enhance their
interfaces somewhat so that more things could be passed in (flags,
input buffer pointer and length, output buffer pointer and length,
etc), so that i could say, in my code:

        hmm....here's a packet, would you please dissect it into a
        "human readable format" and place that representation in this
        buffer?

tcpdump would call the dissectors and then just print the results.
goofy idea?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
werdna () squooshy com       * "information is power -- share the wealth."
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
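
The shim design discussed in this message, as an added example that is not part of the original e-mail or of tcpdump's source: a link-layer printer returns the header length it consumed, and one central routine does the -x dump, clamping that length to the captured length first. struct pkthdr, ether_if_print_sketch, dump_payload and print_packet_sketch are hypothetical names, and the 16-byte frame in main() is constructed.

```c
#include <stdio.h>

/* Constructed stand-in for struct pcap_pkthdr so this builds without libpcap. */
struct pkthdr { unsigned caplen, len; };
/* Per the thread: a link-layer printer returns the header length it consumed. */
typedef unsigned (*if_printer)(const struct pkthdr *, const unsigned char *);
#define ETHER_HDRLEN 14u

/* Hypothetical Ethernet printer: prints a summary, returns the header length. */
static unsigned ether_if_print_sketch(const struct pkthdr *h, const unsigned char *p)
{
    if (h->caplen < ETHER_HDRLEN) {      /* snaplen cut the header short */
        printf("[|ether]");
        return h->caplen;                /* everything captured was header */
    }
    printf("ethertype 0x%02x%02x", p[12], p[13]);
    return ETHER_HDRLEN;
}

/* Hex-encode the bytes after the link-layer header into out; returns bytes dumped. */
static size_t dump_payload(const unsigned char *p, unsigned caplen,
                           unsigned hdrlen, char *out, size_t outlen)
{
    size_t n = 0, off = 0;
    if (outlen == 0) return 0;
    out[0] = '\0';
    if (hdrlen > caplen) hdrlen = caplen; /* an over-reported length must not move the dump past the capture */
    for (unsigned i = hdrlen; i < caplen && off + 3 <= outlen; i++, n++)
        off += (size_t)snprintf(out + off, outlen - off, "%02x", p[i]);
    return n;
}

/* The shim: the only place that calls the printer and then honours xflag. */
static size_t print_packet_sketch(if_printer if_print, int xflag, const struct pkthdr *h,
                                  const unsigned char *p, char *out, size_t outlen)
{
    unsigned hdrlen = if_print(h, p);
    size_t n = xflag ? dump_payload(p, h->caplen, hdrlen, out, outlen) : 0;
    if (n) printf("\n\t%s", out);
    putchar('\n');
    return n;
}

int main(void)
{
    unsigned char pkt[16] = { [12] = 0x08, [13] = 0x00, [14] = 0xde, [15] = 0xad };
    struct pkthdr h = { 16, 16 };
    char out[64];
    return print_packet_sketch(ether_if_print_sketch, 1, &h, pkt, out, sizeof out) == 2 ? 0 : 1;
}
```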

