Guy Harris <guy <at> alum.mit.edu> writes: > > Maria Cruz wrote: > > Hi, if a new protocol is introduced to libpcap is it necessary to > > update 'gencode.c' for parsing? > > You would have to add a case to the switch statement in init_linktype(). > > At minimum, it'd have to do > > /* > * Currently, only raw "link[N:M]" filtering is supported. > */ > off_linktype = -1; > off_nl = -1; > off_nl_nosnap = -1; > return; > > If you do that, you won't be able to, for example, filter with "host > <hostname>". I do not really want any filtering; at this point. So the above is fine with me. > > If you want to do any fancier filtering, you'd have to, instead, have > the case set those variables to the appropriate values. Among other > things, that would require that, within a link-layer packet, there had > better be only one higher-layer packet, e.g. one IPv4 or IPv6 datagram. > I expect IPv4 or 6 datagrams in msgs.
> > I would like libpcap to read the packet 'raw' > > and pass on. > > At what layer of Figure 1 in "1.4 Reference model" of IEEE Std > 802.16-2004 will you be intercepting packets? The 'MAC Common Part Sublayer' probably, right after the 'Security Sublayer'. I would like at the PHY SAP. > > > I plan on using Ethereal to dissect/analyze. > > You might want to plan on using Wireshark, instead. > Yeah, i meant wireshark. i got the latest wireshark code, gtk+, libpcap etc. thanks for your time maria cruz - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
