Re: [PATCH] libpcap: Add datalink-type to match

[Luca Bruno <lucab () debian org>]

Guy Harris scrisse:

> > There are currently three different types for it, but
> > DLT_IEEE802_15_4 is the safest standard choice.
>
> The "safest standard choice" for the interpretation of
> ARPHRD_IEEE802154 is whatever format you get for packets from a
> device with that ARPHRD_ value.

Yes, I've read bpf definitions before submitting this, and by "standard"
here I mean "the one mandated by IEEE specification".

> If you write out a file with DLT_IEEE802_15_4, can Wireshark read
> it?  If not, DLT_IEEE802_15_4 is the wrong choice, as Wireshark's
> dissector for WTAP_ENCAP_IEEE802_15_4 is pretty much by definition
> correct (DLT_IEEE802_15_4 maps to WTAP_ENCAP_IEEE802_15_4, and
> DLT_IEEE802_15_4 is, as indicated, "IEEE 802.15.4, exactly as it
> appears in the spec", the spec being the definition) and will not be
> changed to handle 802.15.4 link-layer headings with non-standard
> changes.

Yes, I'm using this at work and the patch aimed primarily at easing my
job inspecting (with wireshark) the traffic we're collecting.
I just stuck an explicit comment to the patch to let anyone aware of it,
if they need to handle non-standard traffic.

I think we're saying almost the same here, isn't it? Maybe my commit
message wasn't clear enough...

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.    | lucab (AT) debian.org
`. `'`                          | GPG Key ID: 3BFB9FB3
  `-     http://www.debian.org  | Debian GNU/Linux Developer

Attachment: _bin
Description: