Wireshark mailing list archives

Re: gencode.c


From: Guy Harris <guy () alum mit edu>
Date: Thu, 4 Nov 2010 16:03:44 -0700


On Nov 4, 2010, at 12:40 PM, Xiaochun Lu wrote:

> Yes, my git version is 1.2.0-PRE-GIT.
> xcrp is a regular network device. The problem is that it is not
> supported by libpcap yet. I add DLT value for xcrp by myself.

Don't do that.  If you chose some value other than DLT_USER0/LINKTYPE_USER0 through DLT_USER15/LINKTYPE_USER15 for it, 
at some point in the future, there is a significant chance that the tcpdump.org developers will assign some other 
DLT_/LINKTYPE_ the same numerical value (and the closer the value you chose is to the current maximum value, the closer 
that point in the future moves to the present), at which point, if you're maintaining your own version of Wireshark, 
doing so will be harder, as the standard version of Wireshark might interpret that DLT_/LINKTYPE_ value as being for 
something other than xcrp packets.

If you only plan to use that link-layer type in your organization (company, company department, university lab, 
government lab, personal hobby, etc.), then you should use one of the DLT_USERn types, and maintain your own modified 
versions of libpcap and Wireshark; no version of libpcap will *EVER* use DLT_USERn values itself, and no version of 
Wireshark will ever use the corresponding WTAP_ENCAP_USERn values itself.

If you plan to use that link-layer type outside your organization, you should request that tcpdump.org assign you a 
DLT_ value; to request a DLT_ value, send an email to tcpdump-workers () tcpdump org.  In that mail, if the link-layer 
header format is specified by a standard (for example, IEEE 802 networks), specify the standard; if it's not specified 
by a standard - this includes a header that is based on a standard but doesn't conform to the standard because, for 
example, it adds extra padding to the header - then describe the header in detail.

> Right now, I can capture packets without capture filter. Then I can
> apply read filter when read it out from pcap file. Seems to me that I
> need add some special code for DLT_XCRP in gen_linktype(protol).

If you don't care whether you can use a capture filter with your link-layer type, then add to gen_linktype() a case 
statement such as

        case DLT_XCRP:
                bpf_error("XCRP link-layer type filtering not implemented");

before the

        /*
         * All the types that have no encapsulation should either be
         * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
         * all packets are IP packets, or should be handled in some
         * special case, if none of them are (if some are and some
         * aren't, the lack of encapsulation is a problem, as we'd
         * have to find some other way of determining the packet type).
         *
         * Therefore, if "off_linktype" is -1, there's an error.
         */
        if (off_linktype == (u_int)-1)
                abort();

code (which is probably the code that's calling abort()).

If you *do* care, you'll have to add some more code to libpcap; you should probably ask about that on tcpdump-workers 
() tcpdump org.
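
A check someone maintaining such a private build might run on capture files, as an added example that is not part of the original message or of libpcap: it reads a classic pcap file header and reports whether the link-layer type falls in the DLT_USER0 through DLT_USER15 range (147 to 162). The helper name `pcap_user_dlt_index` and the sample headers are constructed for illustration; pcapng files are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DLT_USER0  147  /* first private-use value, as in pcap/dlt.h */
#define DLT_USER15 162  /* last private-use value */

/* Constructed sample headers: little-endian file with link type 150
 * (DLT_USER3), big-endian file with link type 1 (DLT_EN10MB). */
static const unsigned char SAMPLE_USER3_LE[24] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 150,0,0,0 };
static const unsigned char SAMPLE_EN10MB_BE[24] = {
    0xa1,0xb2,0xc3,0xd4, 0,2, 0,4, 0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 0,0,0,1 };

/* Read four bytes as a big-endian 32-bit value. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper: returns 0..15 for DLT_USER0..DLT_USER15, -1 for any
 * other link type, -2 if buf is not a classic pcap file header. */
int pcap_user_dlt_index(const unsigned char *buf, size_t len)
{
    const unsigned char *lt;
    uint32_t magic;
    unsigned linktype;
    if (len < 24)
        return -2;
    lt = buf + 20;  /* link-type field, last in the 24-byte header */
    magic = be32(buf);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)       /* big-endian file */
        linktype = ((unsigned)lt[2] << 8) | lt[3];
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)  /* little-endian file */
        linktype = ((unsigned)lt[1] << 8) | lt[0];
    else
        return -2;
    if (linktype >= DLT_USER0 && linktype <= DLT_USER15)
        return (int)(linktype - DLT_USER0);
    return -1;
}

int main(void)
{
    printf("%d %d\n", pcap_user_dlt_index(SAMPLE_USER3_LE, 24),
           pcap_user_dlt_index(SAMPLE_EN10MB_BE, 24));
    return 0;
}
```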