Hi,
Any chance of getting forward on this? I'm not sure what I should change/make clearer to get this request accepted.

We now have another use case in Wireshark:
- Exporting decrypted packets from SSL sessions by "cutting" them off after the SSL layer and saving the file with the new DLT value the TLV:s and then the PDU:s Following after the SSL layer.

Regards
Anders Broman

-----Original Message-----
From: tcpdump-workers-boun...@lists.tcpdump.org [mailto:tcpdump-workers-boun...@lists.tcpdump.org] On Behalf Of Anders Broman
Sent: den 24 maj 2013 10:59
To: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Request for new DLT

-----Original Message-----
From: m...@sandelman.ca [mailto:m...@sandelman.ca]
Sent: den 23 maj 2013 20:03
To: Anders Broman
Cc: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Request for new DLT

>>>>> "Anders" == Anders Broman <anders.bro...@ericsson.com> writes:
    Pascal> Anders can describe it better than me, but the format
    Pascal> intends to be versatile. It allows you to export any higher
    Pascal> level PDUs in a pcap file while maintaining some basic
    Pascal> information about the lower layers

>So, how are the higher level PDUs going to be described?
>that is, will you have a recursive DLT value, or what exactly?

    Pascal> (like the transport one). The current code sample in
    Pascal> Wireshark is for SIP protocol, but could be extended to any
    Pascal> protocol if there is a need. With a DLT allocated, it would
    Pascal> allow the feature to work out of

>I'd rather have it be rather specific and well defined, than loose and
>nebulous. DLTs already require too much specialized knowledge to decode as it
>is.

I'm not sure I get the objection, do you feel that these protocol type tags aren't clear enough?

#define EXP_PDU_TAG_LINKTYPE          11 /**< The value part is the linktype value defined by tcpdump
                                          * http://www.tcpdump.org/linktypes.html
                                          */
#define EXP_PDU_TAG_PROTO_NAME        12 /**< The value part should be an ASCII non NULL terminated string
                                          * of the short protocol name used by Wireshark e.g "sip"
                                          * Will be used to call the next dissector.
                                          */
/* Add protocol type related tags here NOTE Only one protocol type tag may be present in a packet, the first one found will be used*/

The meta data tags are optional.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers