Wireshark-dev: Re: [Wireshark-dev] gencode.c

From: Xiaochun Lu <xiaoclu@xxxxxxxxx>
Date: Fri, 5 Nov 2010 11:37:30 -0700
Hi, Guy:


On Thu, Nov 4, 2010 at 4:03 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Nov 4, 2010, at 12:40 PM, Xiaochun Lu wrote:
>
> > Yes, my git version is 1.2.0-PRE-GIT.
> > xcrp is a regular network device. The problem is that it is not
> > supported by libpcap yet. I added a DLT value for xcrp by myself.
>
> Don't do that.  If you chose some value other than DLT_USER0/LINKTYPE_USER0
> through DLT_USER15/LINKTYPE_USER15 for it, at some point in the future,
> there is a significant chance that the tcpdump.org developers will assign
> some other DLT_/LINKTYPE_ the same numerical value (and the closer the value
> you chose is to the current maximum value, the closer that point in the
> future moves to the present), at which point, if you're maintaining your own
> version of Wireshark, doing so will be harder, as the standard version of
> Wireshark might interpret that DLT_/LINKTYPE_ value as being for something
> other than xcrp packets.
>
> If you only plan to use that link-layer type in your organization (company,
> company department, university lab, government lab, personal hobby, etc.),
> then you should use one of the DLT_USERn types, and maintain your own
> modified versions of libpcap and Wireshark; no version of libpcap will
> *EVER* use DLT_USERn values itself, and no version of Wireshark will ever
> use the corresponding WTAP_ENCAP_USERn values itself.
>
> If you plan to use that link-layer type outside your organization, you
> should request that tcpdump.org assign you a DLT_ value; to request a DLT_
> value, send an email to tcpdump-workers@xxxxxxxxxxx.  In that mail, if the
> link-layer header format is specified by a standard (for example, IEEE 802
> networks), specify the standard; if it's not specified by a standard - this
> includes a header that is based on a standard but doesn't conform to the
> standard because, for example, it adds extra padding to the header - then
> describe the header in detail.
>
XCRP acts as a multiplexer between layer 2 and layer 3. It is not a
standard interface.
I guess it will be difficult to get a DLT_ value from tcpdump.org.
Using DLT_USERn fits my need too.

> > Right now, I can capture packets without a capture filter. Then I can
> > apply a read filter when reading it out from the pcap file. It seems to me
> > that I need to add some special code for DLT_XCRP in gen_linktype(proto).
>
> If you don't care whether you can use a capture filter with your link-layer
> type, then add to gen_linktype() a case statement such as
>
>         case DLT_XCRP:
>                 bpf_error("XCRP link-layer type filtering not implemented");
>
> before the
>
>         /*
>          * All the types that have no encapsulation should either be
>          * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
>          * all packets are IP packets, or should be handled in some
>          * special case, if none of them are (if some are and some
>          * aren't, the lack of encapsulation is a problem, as we'd
>          * have to find some other way of determining the packet type).
>          *
>          * Therefore, if "off_linktype" is -1, there's an error.
>          */
>         if (off_linktype == (u_int)-1)
>                 abort();
>
> code (which is probably the code that's calling abort()).
>
> If you *do* care, you'll have to add some more code to libpcap; you should
> probably ask about that on tcpdump-workers@xxxxxxxxxxx.
>
I will do it.


Thanks

shawn
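
As an added illustration of the DLT_USERn advice in this thread (not code from the email or from libpcap): a small C check that reads the link-type field of a classic pcap file header and reports whether it falls in the private DLT_USER0 to DLT_USER15 range (147 to 162). The function names are hypothetical, and only the classic microsecond-timestamp pcap magic is handled.

```c
#include <stddef.h>
#include <stdint.h>

/* DLT_USER0..DLT_USER15 are 147..162 in libpcap's pcap/dlt.h. */
#define DLT_USER0   147u
#define DLT_USER15  162u
#define PCAP_MAGIC  0xa1b2c3d4u /* classic pcap, microsecond timestamps */
#define PCAP_HDRLEN 24u

/* Read a 32-bit field in the requested byte order (be != 0: big-endian). */
static uint32_t rd32(const uint8_t *p, int be)
{
    return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
              : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

static void wr32le(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Write a little-endian pcap file header declaring the given link type
 * (hypothetical helper; out must point to at least PCAP_HDRLEN bytes). */
void pcap_write_header(uint8_t *out, uint32_t snaplen, uint32_t linktype)
{
    wr32le(out, PCAP_MAGIC);
    wr32le(out + 4, 2u | 4u << 16);  /* version 2.4 as two LE 16-bit fields */
    wr32le(out + 8, 0);              /* thiszone */
    wr32le(out + 12, 0);             /* sigfigs */
    wr32le(out + 16, snaplen);
    wr32le(out + 20, linktype);
}

/* Read the link type from a pcap header in either byte order.
 * Returns 0 on success, -1 on a short buffer or unknown magic. */
int pcap_header_linktype(const uint8_t *buf, size_t len, uint32_t *linktype)
{
    int be;
    if (!buf || !linktype || len < PCAP_HDRLEN) return -1;
    if (rd32(buf, 0) == PCAP_MAGIC) be = 0;
    else if (rd32(buf, 1) == PCAP_MAGIC) be = 1;
    else return -1;
    *linktype = rd32(buf + 20, be);
    return 0;
}

/* 1 if the value lies in the range reserved for private use, else 0. */
int dlt_is_private(uint32_t dlt) { return dlt >= DLT_USER0 && dlt <= DLT_USER15; }
```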