Re: [tcpdump-workers] configure script problem while working on extension

2022-08-28 Thread Christian via tcpdump-workers
--- Begin Message ---

Maybe this should be also mentioned within the libpcap module howto?

https://www.tcpdump.org/libpcap-module-HOWTO.html


BR Christian


Make sure that libpcap.a includes pcap-kpnode.o, by making sure that 
pcap-kpnode.c is in the list of source modules to be compiled and included in 
libpcap.

For Makefile.in, that means adding it to

MODULE_C_SRC = @MODULE_C_SRC@

after @MODULE_C_SRC@ so you have

MODULE_C_SRC = @MODULE_C_SRC@ pcap-kpnode.c



--- End Message ---
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


[tcpdump-workers] DLT_AUERSWALD_LOG and LINKTYPE_AUERSWALD_LOG

2022-08-28 Thread developer--- via tcpdump-workers
--- Begin Message ---
What are the steps to finalize registering the DLT and LINKTYPE?


We are about to release another major release of our software and would like to 
stop using USER0.
Conflicts have been resolved and review was requested quite a while ago.
As far as I can see the merge request is waiting for approval by guyharris.

https://github.com/the-tcpdump-group/libpcap/pull/995

Thanks in advance

Frank Gorgas-Waller


--- End Message ---


[tcpdump-workers] DLT type for Libpcap Library

2022-08-28 Thread Christian via tcpdump-workers
--- Begin Message ---
Hello everyone, another question that I have is which DLT-type I should 
use for my libpcap-module. Since I'm writing a module which acquires data 
from a kernel module, which in turn has no IP-based packages at all. I 
have to define my very own data-type from the base onwards. But because 
this is nothing worth to release (maybe only for documentation of an 
example) I would rather use a DLT_USERn linktype. But this is only 
defined on applications which use pcap lib, not libpcap itself? Another 
question is: how to map the structure(s) in which I define my data types 
with the symbol in dlt.h?



Thanks for your help again


BR Christian

--- End Message ---


Re: [tcpdump-workers] DLT type for Libpcap Library

2022-08-28 Thread Guy Harris via tcpdump-workers
--- Begin Message ---
On Aug 24, 2022, at 11:31 AM, Christian via tcpdump-workers wrote:

> Hello everyone, another question that I have is which DLT-type I should use 
> for my libpcap-module. Since I'm writing a module which acquires data from a 
> kernel module, which in turn has no IP-based packages at all. I have to 
> define my very own data-type from the base onwards. But because this is 
> nothing worth to release (maybe only for documentation of an example) I would 
> rather use a DLT_USERn linktype. But this is only defined on applications 
> which use pcap lib, not libpcap itself?

"Defined" in what sense?

The only ways in which the code in the libpcap library "defines" a 
LINKTYPE_/DLT_ value's format are

1) the code that compiles filter expressions needs to know the format 
of the data in a packet of a given link-layer type;

2) in order to deal with some link-layer header types where data is in 
the byte order of the host that wrote the file, libpcap, when reading a file, 
may have to byte-swap host-byte-order fields from the byte order of the host 
that wrote the file into the byte order of the host that's reading the file if 
the two are different, and the remote-pcap protocol code must do so with packet 
data from a remote server if the byte orders of the two hosts are different.

Code that reads pcap and pcapng files, whether with libpcap or independent code 
for reading pcap and pcapng files, has to provide its *own* code to interpret 
the packets; if a new LINKTYPE_/DLT_ value is added, neither tcpdump nor 
Wireshark nor any other program will acquire the ability to handle that file 
format as a result of any changes to libpcap for that format - new code will 
have to be written for those programs.

I.e., making tcpdump or Wireshark or... handle your data-link type is up to 
you.  You'll have to modify tcpdump or Wireshark, or add a plugin for Wireshark.

(And note that code that processes those files doesn't define the formats; they 
follow the definitions of the formats.  The *definitions* of the formats are 
currently at

https://www.tcpdump.org/linktypes.html

However, those definitions themselves may refer to other specifications.  For 
example, the format of LINKTYPE_ETHERNET/DLT_EN10MB packet data is really 
defined by the LAN/MAN Standards Committee of the IEEE Computer Society, not by 
The Tcpdump Group or the libpcap code.)

> Another question is: how to map the structure(s) in which I define my data 
> types with the symbol in dlt.h?

"Map" in what sense?

--- End Message ---
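
Added example (not part of the thread and not libpcap code): a stand-alone reader that does what the reply above says a reader must do itself, working out the writer's byte order from the pcap magic number and interpreting LINKTYPE_USER0 packets with its own bounds-checked code. The USER0 payload layout, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define LINKTYPE_USER0 147u /* value listed at https://www.tcpdump.org/linktypes.html */

/* Read a 32-bit file-header field; 'big' says which byte order the writer used. */
static uint32_t rd32(const uint8_t *p, int big) {
    return big ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
               : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Hypothetical USER0 payload: 2-byte kind, 2-byte value length (big-endian), value. */
static int user0_record_ok(const uint8_t *p, uint32_t caplen) {
    if (caplen < 4) return 0;
    uint32_t vlen = (uint32_t)p[2] << 8 | p[3];
    return vlen <= caplen - 4; /* length field must stay inside the captured bytes */
}

/* Returns how many records pass the check, or -1 for a file we refuse to parse. */
int count_user0_records(const uint8_t *buf, size_t len) {
    int big, n = 0;
    size_t off = 24; /* size of the pcap file header */
    if (len < 24) return -1;
    if (rd32(buf, 1) == 0xa1b2c3d4u) big = 1;      /* written big-endian */
    else if (rd32(buf, 0) == 0xa1b2c3d4u) big = 0; /* written little-endian */
    else return -1;
    if (rd32(buf + 20, big) != LINKTYPE_USER0) return -1;
    while (len - off >= 16) { /* 16-byte per-record header */
        uint32_t caplen = rd32(buf + off + 8, big);
        off += 16;
        if (caplen > len - off) return -1; /* record claims more than the file holds */
        n += user0_record_ok(buf + off, caplen);
        off += caplen;
    }
    return off == len ? n : -1;
}

/* Constructed sample: little-endian pcap, linktype 147, one good and one bad record. */
static const uint8_t sample_le[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 147,0,0,0,
    0,0,0,0, 0,0,0,0, 6,0,0,0, 6,0,0,0,  0,1, 0,2, 0xaa,0xbb,
    0,0,0,0, 0,0,0,0, 4,0,0,0, 4,0,0,0,  0,2, 0,9,
};

int main(void) {
    return count_user0_records(sample_le, sizeof sample_le) == 1 ? 0 : 1;
}
```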