Re: [tcpdump-workers] Variable length mac headers and gencode.c (and

2011-06-03 Thread Darren Reed
On 13/05/11 12:52 AM, Darren Reed wrote: On 12/05/11 04:27 AM, Guy Harris wrote: On May 10, 2011, at 1:40 PM, Darren Reed wrote: To pursue this a little further, experimenting has determined that the best layout thus far would be something similar to this: bits field 00-07 version (1) 08-15

Re: [tcpdump-workers] Variable length mac headers and gencode.c (and

2011-05-13 Thread Darren Reed
On 13/05/11 01:02 AM, Guy Harris wrote: On May 13, 2011, at 12:52 AM, Darren Reed wrote: The goal of this is quite specific: to allow packets on a network device to have mixed link-layer headers present and be able to use tcpdump and friends to push meaningful filters into the kernel. The g

Re: [tcpdump-workers] Variable length mac headers and gencode.c (and DLT request)

2011-05-13 Thread Guy Harris
On May 13, 2011, at 12:52 AM, Darren Reed wrote: > The goal of this is quite specific: to allow packets on a network device > to have mixed link-layer headers present and be able to use tcpdump and > friends to push meaningful filters into the kernel. The general thrust > of that is towards IP, t

Re: [tcpdump-workers] Variable length mac headers and gencode.c (and

2011-05-13 Thread Darren Reed
On 12/05/11 04:27 AM, Guy Harris wrote: On May 10, 2011, at 1:40 PM, Darren Reed wrote: To pursue this a little further, experimenting has determined that the best layout thus far would be something similar to this: bits field 00-07 version (1) 08-15 pad (0) 16-31 pre-mac payload length 32-63

Re: [tcpdump-workers] Variable length mac headers and gencode.c (and DLT request)

2011-05-12 Thread Guy Harris
On May 10, 2011, at 1:40 PM, Darren Reed wrote: > To pursue this a little further, experimenting has > determined that the best layout thus far would be > something similar to this: > > bits field > 00-07 version (1) > 08-15 pad (0) > 16-31 pre-mac payload length > 32-63 dlt (DLT_*) > 64-79 eth

Re: [tcpdump-workers] Variable length mac headers and gencode.c (and

2011-05-12 Thread Darren Reed
To follow this on, looking at the output of "tcpdump -d", it became obvious that the opcodes could be optimised. The optimised would need to be seriously smarter than it currently is to detect that it has a repeating group of six statements, of which the second can be eliminated. That's completely

[tcpdump-workers] Variable length mac headers and gencode.c (and DLT request)

2011-05-10 Thread Darren Reed
To pursue this a little further, experimenting has determined that the best layout thus far would be something similar to this: bits field 00-07 version (1) 08-15 pad (0) 16-31 pre-mac payload length 32-63 dlt (DLT_*) 64-79 ethernet protocol number 80-95 pad (0) The pads are to ensure that fiel