-----Original Message-----
From: m...@sandelman.ca [mailto:m...@sandelman.ca] 
Sent: 28 June 2013 01:51
To: Anders Broman
Cc: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Request for new DLT


Anders Broman <anders.bro...@ericsson.com> wrote:
    > Currently there are two tags defined to indicate which protocol the
    > packet block starts with:
    > #define EXP_PDU_TAG_LINKTYPE          11 /**< The value part is the
    >    linktype value defined by tcpdump
    > * http://www.tcpdump.org/linktypes.html
    > */
    > #define EXP_PDU_TAG_PROTO_NAME        12 /**< The value part should be
    >    an ASCII non NULL terminated string
    > * of the short protocol name used by Wireshark e.g "sip"
    > * Will be used to call the next dissector.
    > */
    > The Wireshark implementation currently only uses EXP_PDU_TAG_PROTO_NAME.
    > Is this good enough?

Seems good enough to me.
Is there a stable reference in the wireshark tree/doc/etc. I can point to?

Currently the header file contains the documentation of the TLVs:
http://anonsvn.wireshark.org/viewvc/trunk/epan/exported_pdu.h?revision=50060&view=markup
I plan to add a wiki page at http://wiki.wireshark.org/. The "next PDU" TLVs
will not change, but TAGs may be added as the need arises. It would be great if
this suffices to get the DLT; then we can proceed to finalize the documentation
and have a nice wiki page too. If you feel more documentation is needed before
allocating the DLT we can work on that.

Best regards
Anders Broman

How does this sound:

/*
 * DLT type for upper-protocol layer PDU saves from wireshark.
 *
 * the actual contents are determined by two TAGs stored with each
 * packet:
 *   EXP_PDU_TAG_LINKTYPE          the link type (DLT value) of the
 *                                 original packet.
 *
 *   EXP_PDU_TAG_PROTO_NAME        the name of the wireshark dissector
 *                                 that can make sense of the data stored.
 */
#define DLT_WIRESHARK_UPPER_PDU 252

Code should be on github in... there:
https://github.com/the-tcpdump-group/libpcap/commit/e65639c26a00397703102861466473c24181b47c

Please fork/edit with more info, and let us know how it works.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
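
An added example, not code from Wireshark or libpcap: a bounds-checked walk over the tag header that precedes each DLT_WIRESHARK_UPPER_PDU packet, returning the dissector name and the payload offset. It assumes the TLV layout of Wireshark's exported_pdu.h (16-bit big-endian tag, 16-bit big-endian length, then the value, with tag 0 ending the list); `exp_pdu_parse`, `EXP_PDU_TAG_END_OF_OPT` as used here, and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EXP_PDU_TAG_END_OF_OPT   0   /* assumed: terminator tag, zero length */
#define EXP_PDU_TAG_LINKTYPE    11   /* from the thread; skipped by this walker */
#define EXP_PDU_TAG_PROTO_NAME  12   /* from the thread */

/* Constructed sample record: PROTO_NAME "sip" + one pad byte, end tag, payload. */
static const uint8_t sample[] = {
    0x00, 0x0c, 0x00, 0x04, 's', 'i', 'p', 0x00,
    0x00, 0x00, 0x00, 0x00,
    'I', 'N', 'V', 'I', 'T', 'E'
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Walk the tag header of one captured record. The protocol name is not
 * terminated on the wire, so it is copied into name and terminated here.
 * Returns the payload offset, or -1 if the header is truncated, a length
 * field runs past the captured bytes, or the name does not fit in name.
 */
long exp_pdu_parse(const uint8_t *buf, size_t len, char *name, size_t name_sz)
{
    size_t off = 0;                        /* invariant: off <= len */
    if (name_sz == 0) return -1;
    name[0] = '\0';
    for (;;) {
        if (len - off < 4) return -1;      /* no room for tag + length */
        uint16_t tag  = be16(buf + off);
        uint16_t vlen = be16(buf + off + 2);
        off += 4;
        if (tag == EXP_PDU_TAG_END_OF_OPT)
            return vlen == 0 ? (long)off : -1;
        if (vlen > len - off) return -1;   /* value would overrun the capture */
        if (tag == EXP_PDU_TAG_PROTO_NAME) {
            const uint8_t *nul = memchr(buf + off, 0, vlen);  /* trailing pad */
            size_t n = nul ? (size_t)(nul - (buf + off)) : vlen;
            if (n >= name_sz) return -1;
            memcpy(name, buf + off, n);
            name[n] = '\0';
        }
        off += vlen;                       /* unknown tags are skipped */
    }
}
```

The length is compared against the bytes remaining (`len - off`) rather than added to `off` first, so a hostile 0xffff length cannot move the cursor out of the buffer.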

