Re: DLT_LAPB value assignment

[Guy Harris <guy () alum mit edu>]

Mirko.Karanovic () ttc ca wrote:

> Here is possible solution to resolve DCE/DTE origin of a LAPB packet.
>
> Wireshark libpcap.h has the  struct pcaprec_ss990915_hdr, which has
> ifindex field ( the interface on which packet came in ). During
> capturing phase FROM_DCE or FROM_DTE will be stored into ifindex field
> of the struct pcaprec_ss990915_hdr. Knowing interface index I know
> origin, DCE or DTE.

No, please, don't use the non-standard versions of libpcap format - and 
especially don't override a completely different field.  Just put an 
extra byte at the beginning of the packet data.

If you *must* use one of the non-standard versions of the libpcap 
header, at least

	1) don't use one of the "hack" versions with that SMP debugging gunk in 
it, use the pcaprec_modified_header version (called 
pcap_sf_patched_pkthdr in libpcap);

	2) use a field that's *intended* to convey the direction of the packet, 
namely the pkt_type field - use 0 for DCE->DTE ("HOST") and 4 for 
DTE->DCE ("OUTGOING").
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.