On Aug 28, 2009, at 6:08 AM, Patrick Lannigan wrote:
We have a tool in place that can write the packets to the libpcap
file format.
...which means that either:
1) you've chosen an existing DLT_ value to use in the file header;
2) you've requested a DLT_ value from tcpdump-workers@xxxxxxxxxxx,
and are waiting for it, and will use that in the file header;
3) you're using one of DLT_USER0 through DLT_USER15.
If it's an existing DLT_ value, then either
1) there's a WTAP_ENCAP_ value corresponding to that DLT_ value, in
which case you would register your dissector in the wtap_encap
dissector table with the WTAP_ENCAP_ value
or
2) there isn't a WTAP_ENCAP_ value corresponding to that DLT_ value,
in which case a new WTAP_ENCAP_ value for it needs to be allocated if
there isn't already one, and wiretap/pcap-common.c needs to be changed
to map between that DLT_ value and that new WTAP_ENCAP_ value.
If you've requested a DLT_ value, once it's assigned, it's just like
the previous case.
If it's one of DLT_USER0 through DLT_USER15, use the corresponding
WTAP_ENCAP_USER0 through WTAP_ENCAP_USER15 value.