Ethereal-dev: Re: [Ethereal-dev] [PATCH] New dissector, yet another 802.11 sniff header

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Sat, 2 Nov 2002 10:30:01 +1100
Hi,
some comments:

ethereal does handle 64bit integers, but only using proto_tree_add_item()
with fields of type FT_UINT64.
do a grep for FT_UINT64 to see examples of dissectors using 64bit integers.

Update the patch to handle 64bit integers using this field type so one can
filter on it.

You do some tvb_get_ntohl(tvb, offset+sizeof(guint32)) in the dissector.

I think these sizeofs should be replaced with the constant instead as
tvb_get_ntohl(tvb, offset+4)


We are not trying to be portable here with types; we do try to decode the
fields represented in a network protocol, and these fields are always of
the same length regardless of platform.

I think it is clearer if sizeof(guint32) is replaced with 4.

You might think differently, use your own judgement in whether to do that
change or not.


----- Original Message -----
From: "Solomon Peachy"
Sent: Saturday, November 02, 2002 9:34 AM
Subject: [Ethereal-dev] [PATCH] New dissector, yet another 802.11 sniff
header


Seems that everyone and their cousin is kludging themselves together a
sniff header.  So I'll go for two!

Once upon a time, the linux-wlan-ng driver had this "monitor mode" which
included a special "sniff header".  That's in ethereal as packet-prism.c.
As time went on, more people started using this header.  And it's
relatively well used now.

Unfortunately, it's rather inefficient, and time and needs move on, so
here's our second attempt at a sniff header.  It has more relevant data,
applies to 802.11a/b/g, and is more compact.

For a full writeup of the format, see:

http://www.shaftnet.org/~pizza/software/capturefrm.txt

"The original header format for 'monitor mode' or capturing frames was a
 considerable hack.  This document covers a redesign of that format."

This file will be in the next release of the linux-wlan-ng driver, as
well as support for this capture type.

The plan is to have another DLT/ARP type for this format, but it's not
strictly necessary -- the existing DLT_PRISM format has a
"msgcode/msglen" pair, and the new format keeps these fields and reworks
the rest.  Once a new DLT/ARP type is created, I'll submit another
patch.

packet-prism.c has been modified to recognise the different msgcode, and
pass it off to the packet-wlancap dissector.

There are a couple of unimplemented bits in the dissector (marked with
XXX), but nothing crucial at the moment -- I'll be submitting more
patches to enhance the dissector as time goes on, but I'd like to get
this into ethereal sooner rather than later.  :)

Incidentally, proto_tree_add_uint doesn't handle uint64, nor is there a
tvb_get_ntouint64 equivalent.    Instead I had to kludge around this
with a fancy sprintf.

Also included is a slight aesthetic patch to packet-ieee80211.c that
changes the register_wlan to register_ieee80211 to keep it consistent
with the filename.

 - Pizza
--
Solomon Peachy                        solomon@xxxxxxxxxxxxxx
AbsoluteValue Systems                 http://www.linux-wlan.com
715-D North Drive                     +1 (321) 259-0737  (office)
Melbourne, FL 32934                   +1 (321) 259-0286  (fax)
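
Added example, not part of either message or of the Ethereal source: a plain C sketch of the review point above, reading fixed-width big-endian header fields (including a 64-bit one) at literal wire offsets with a bounds check on every read. The field layout, the names `sniff_hdr`, `read_be` and `parse_sniff_hdr`, the meaning of msglen and the sample bytes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Wire offsets and widths are fixed by the protocol, so they are literal
 * constants, not sizeof(host type). This layout is assumed for illustration. */
enum {
    OFF_MSGCODE = 0,  /* 4 bytes, big-endian */
    OFF_MSGLEN  = 4,  /* 4 bytes, big-endian; assumed to be the header length */
    OFF_TIME64  = 8,  /* 8 bytes, big-endian; hypothetical 64-bit field */
    HDR_LEN     = 16
};
struct sniff_hdr { uint32_t msgcode, msglen; uint64_t time64; };

/* Constructed sample header: msgcode 0x41, msglen 16, time64 0x0102030405060708. */
static const uint8_t sample_hdr[HDR_LEN] = {
    0x00, 0x00, 0x00, 0x41,  0x00, 0x00, 0x00, 0x10,
    0x01, 0x02, 0x03, 0x04,  0x05, 0x06, 0x07, 0x08
};

/* Read a big-endian integer of `width` bytes at `off`.
 * Returns 0 on success, -1 if the read would leave the buffer. */
static int read_be(const uint8_t *buf, size_t len, size_t off, size_t width,
                   uint64_t *out)
{
    uint64_t v = 0;
    size_t i;
    if (width > 8 || off > len || width > len - off)
        return -1;
    for (i = 0; i < width; i++)
        v = (v << 8) | buf[off + i];
    *out = v;
    return 0;
}

/* Parse the header; rejects truncated input and an inconsistent msglen. */
int parse_sniff_hdr(const uint8_t *buf, size_t len, struct sniff_hdr *h)
{
    uint64_t code, mlen, t;
    if (read_be(buf, len, OFF_MSGCODE, 4, &code) != 0 ||
        read_be(buf, len, OFF_MSGLEN, 4, &mlen) != 0 ||
        read_be(buf, len, OFF_TIME64, 8, &t) != 0)
        return -1;
    if (mlen < HDR_LEN || mlen > len)
        return -1;
    h->msgcode = (uint32_t)code;
    h->msglen = (uint32_t)mlen;
    h->time64 = t;
    return 0;
}
```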