Re: having trouble using libpcap to write DLT_USER0 captures

[Guy Harris <guy () alum mit edu>]

On Nov 29, 2011, at 11:38 AM, Sam Roberts wrote:

> DLT_USER0 is available for internal use, and pcap_open_dead() will
> accept it, but pcap_dump_open() is complaining that it doesn't know
> the corresponding link type.
>
> I assume this is intentional, but why is it a feature? It seems
> preferable that people use libpcap to write pcap files than rolling
> their own, probably buggy, versions.
>
> With the change below I can write USER0 pcaps and read them with wireshark.

With the change I checked in:

        1) DLT_USERn is mapped to and from LINKTYPE_USERn;

        2) every time a new DLT_/LINKTYPE_ value is assigned (bearing in mind that, when that's done, DLT_xxx must 
equal LINKTYPE_xxx), as long as DLT_MATCHING_MAX and LINKTYPE_MATCHING_MAX are updated, the new DLT_xxx will be mapped 
to and from LINKTYPE_xxx without needing to update the mapping table;

        3) every time a new DLT_ value is assigned, as long as DLT_MATCHING_MAX is updated, the filter code generator 
won't reject all filters for the new DLT_ value (unless you add explicit code to handle it, it'll only handle 
"link[M:N]" in filter expressions, but at least an empty filter won't be rejected).

The change is checked into the trunk and 1.2 branches.-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.