tcpdump mailing list archives
Re: introduction of a new protocol
From: Guy Harris <guy () alum mit edu>
Date: Thu, 09 Nov 2006 09:27:45 -0800
Maria Cruz wrote:
> Hi, if a new protocol is introduced to libpcap is it necessary to update 'gencode.c' for parsing?
You would have to add a case to the switch statement in init_linktype().
At minimum, it'd have to do
    /*
     * Currently, only raw "link[N:M]" filtering is supported.
     */
    off_linktype = -1;
    off_nl = -1;
    off_nl_nosnap = -1;
    return;
If you do that, you won't be able to, for example, filter with "host <hostname>".
If you want to do any fancier filtering, you'd have to, instead, have the case set those variables to the appropriate values. Among other things, that would require that, within a link-layer packet, there had better be only one higher-layer packet, e.g. one IPv4 or IPv6 datagram.
> I would like libpcap to read the packet 'raw' and pass on.
At what layer of Figure 1 in "1.4 Reference model" of IEEE Std 802.16-2004 will you be intercepting packets?
> I plan on using Ethereal to dissect/analyze.
You might want to plan on using Wireshark, instead. :-)
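Added example, not part of the original message and not libpcap code: a sketch of what a raw "link[N:M]" test amounts to when a link type has no known offsets, including the bounds check that makes a truncated packet fail the filter. The helper names and the sample frame are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical helper: evaluate link[n:m] the way a BPF absolute load does.
 * m must be 1, 2 or 4 and the value is read in network byte order.
 * Returns 0 if the load would run past the captured bytes; in that case
 * the filter rejects the packet instead of reading out of bounds.
 */
static int link_load(const uint8_t *pkt, size_t caplen, size_t n, size_t m,
                     uint32_t *out)
{
    uint32_t v = 0;
    size_t i;

    if (m != 1 && m != 2 && m != 4)
        return 0;
    if (n > caplen || m > caplen - n)   /* overflow-safe bounds check */
        return 0;
    for (i = 0; i < m; i++)
        v = (v << 8) | pkt[n + i];
    *out = v;
    return 1;
}

/* Equivalent of the filter expression "link[n:m] = want". */
static int link_match_eq(const uint8_t *pkt, size_t caplen, size_t n,
                         size_t m, uint32_t want)
{
    uint32_t got;
    return link_load(pkt, caplen, n, m, &got) && got == want;
}

/* Constructed sample frame for an imaginary link type; bytes are arbitrary. */
static const uint8_t sample_frame[] = {
    0x40, 0x00, 0x12, 0x34, 0xde, 0xad, 0xbe, 0xef
};

int main(void)
{
    size_t len = sizeof sample_frame;

    printf("link[2:2] = 0x1234     -> %d\n",
           link_match_eq(sample_frame, len, 2, 2, 0x1234));
    printf("link[4:4] = 0xdeadbeef -> %d\n",
           link_match_eq(sample_frame, len, 4, 4, 0xdeadbeefu));
    printf("link[6:4] (truncated)  -> %d\n",
           link_match_eq(sample_frame, len, 6, 4, 0xbeef));
    return 0;
}
```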
