
Wireshark-dev: Re: [Wireshark-dev] gencode.c

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 4 Nov 2010 16:03:44 -0700

On Nov 4, 2010, at 12:40 PM, Xiaochun Lu wrote:

> Yes, my git version is 1.2.0-PRE-GIT.
> xcrp is a regular network device. The problem is that it is not
> supported by libpcap yet. I added a DLT value for xcrp by myself.

Don't do that.  If you chose some value other than DLT_USER0/LINKTYPE_USER0 through DLT_USER15/LINKTYPE_USER15 for it, at some point in the future, there is a significant chance that the tcpdump.org developers will assign some other DLT_/LINKTYPE_ the same numerical value (and the closer the value you chose is to the current maximum value, the closer that point in the future moves to the present), at which point, if you're maintaining your own version of Wireshark, doing so will be harder, as the standard version of Wireshark might interpret that DLT_/LINKTYPE_ value as being for something other than xcrp packets.

If you only plan to use that link-layer type in your organization (company, company department, university lab, government lab, personal hobby, etc.), then you should use one of the DLT_USERn types, and maintain your own modified versions of libpcap and Wireshark; no version of libpcap will *EVER* use DLT_USERn values itself, and no version of Wireshark will ever use the corresponding WTAP_ENCAP_USERn values itself.

If you plan to use that link-layer type outside your organization, you should request that tcpdump.org assign you a DLT_ value; to request a DLT_ value, send an email to tcpdump-workers@xxxxxxxxxxx.  In that mail, if the link-layer header format is specified by a standard (for example, IEEE 802 networks), specify the standard; if it's not specified by a standard - this includes a header that is based on a standard but doesn't conform to the standard because, for example, it adds extra padding to the header - then describe the header in detail.

> Right now, I can capture packets without a capture filter. Then I can
> apply a read filter when reading it back from the pcap file. It seems to me that I
> need to add
> some special code for DLT_XCRP in gen_linktype(protol).

If you don't care whether you can use a capture filter with your link-layer type, then add to gen_linktype() a case statement such as

        case DLT_XCRP:
                bpf_error("XCRP link-layer type filtering not implemented");
                /* NOTREACHED */

before the

        /*
         * All the types that have no encapsulation should either be
         * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
         * all packets are IP packets, or should be handled in some
         * special case, if none of them are (if some are and some
         * aren't, the lack of encapsulation is a problem, as we'd
         * have to find some other way of determining the packet type).
         *
         * Therefore, if "off_linktype" is -1, there's an error.
         */
        if (off_linktype == (u_int)-1)
                abort();

code (which is probably the code that's calling abort()).

If you *do* care, you'll have to add some more code to libpcap; you should probably ask about that on tcpdump-workers@xxxxxxxxxxx.
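The DLT_USERn advice above can be checked against capture files. The following is an added example, not part of the original message and not libpcap code: it reads the link type from a pcap file header and reports whether it falls in the DLT_USER0 through DLT_USER15 range. The function name `classify_pcap_linktype` is hypothetical, and both sample headers (including the value 999) are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DLT_USER0  147  /* values defined in libpcap's pcap/dlt.h */
#define DLT_USER15 162

enum { LT_BAD_FILE = -1, LT_USER_RESERVED = 0, LT_NOT_USER = 1 };

/* Constructed sample headers: little-endian file with link type 147 (DLT_USER0),
 * big-endian file with 999, a made-up self-assigned value. */
static const uint8_t hdr_user0[24] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x93,0x00,0x00,0x00 };
static const uint8_t hdr_self[24] = {
    0xa1,0xb2,0xc3,0xd4, 0x00,0x02,0x00,0x04, 0,0,0,0, 0,0,0,0,
    0x00,0x00,0xff,0xff, 0x00,0x00,0x03,0xe7 };

static uint32_t rd32(const uint8_t *p, int big)
{
    return big ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
               : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

static int is_pcap_magic(uint32_t m)
{
    return m == 0xa1b2c3d4u || m == 0xa1b23c4du;  /* microsecond / nanosecond */
}

/* Read the link type from a 24-byte pcap file header and classify it. */
int classify_pcap_linktype(const uint8_t *hdr, size_t len, uint32_t *linktype)
{
    int big;
    if (len < 24) return LT_BAD_FILE;
    if (is_pcap_magic(rd32(hdr, 0))) big = 0;        /* written little-endian */
    else if (is_pcap_magic(rd32(hdr, 1))) big = 1;   /* written big-endian */
    else return LT_BAD_FILE;
    *linktype = rd32(hdr + 20, big) & 0xffffu;  /* low 16 bits carry the link type */
    return (*linktype >= DLT_USER0 && *linktype <= DLT_USER15)
        ? LT_USER_RESERVED : LT_NOT_USER;
}

int main(void)
{
    const uint8_t *samples[2] = { hdr_user0, hdr_self };
    for (int i = 0; i < 2; i++) {
        uint32_t lt = 0;
        int c = classify_pcap_linktype(samples[i], 24, &lt);
        printf("link type %u: %s\n", (unsigned)lt,
               c == LT_USER_RESERVED ? "DLT_USERn range" : "outside DLT_USERn range");
    }
    return 0;
}
```

A value outside the range is not necessarily wrong, since it may be a link type assigned by tcpdump.org; the check only confirms that a privately defined type stays inside the range reserved for private use.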