Maria Cruz wrote:
Hi, if a new protocol is introduced to libpcap is it necessary to
update 'gencode.c' for parsing?
You would have to add a case to the switch statement in init_linktype().
At minimum, it'd have to do
/*
* Currently, only raw "link[N:M]" filtering is supported.
*/
off_linktype = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
If you do that, you won't be able to, for example, filter with "host
<hostname>".
If you want to do any fancier filtering, you'd have to, instead, have
the case set those variables to the appropriate values. Among other
things, that would require that, within a link-layer packet, there had
better be only one higher-layer packet, e.g. one IPv4 or IPv6 datagram.
I would like libpcap to read the packet 'raw'
and pass on.
At what layer of Figure 1 in "1.4 Reference model" of IEEE Std
802.16-2004 will you be intercepting packets?
I plan on using Ethereal to dissect/analyze.
You might want to plan on using Wireshark, instead. :-)
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
