Wireshark-dev: Re: [Wireshark-dev] gencode.c

From: Xiaochun Lu <xiaoclu@xxxxxxxxx>
Date: Thu, 4 Nov 2010 12:40:09 -0700
Hi, Guy:
yes, my git version is 1.2.0-PRE-GIT.
xcrp is a regular network device. The problem is that it  is not
supported by libpcap yet. I add DLT value for xcrp by myself. I also
add some code to wire shark
to decode xcrp packets.  I did it a few months ago and forget what is
gencode.c at all.

Right now,  I can  capture packets without capture filter. Then  I can
apply read filter when read it out from pcap file. seems to me that I
need add
some special code for DLT_XCRP  in gen_linktype(protol).


Thanks!
shawn

On Thu, Nov 4, 2010 at 12:04 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Nov 4, 2010, at 11:54 AM, Xiaochun Lu wrote:
>
>> My libpcap version is libpcap_1.2.0.
>
> The latest release from tcpdump.org is 1.1.1.  If you build the Git trunk version, it's 1.2.0-PRE-GIT.
>
> What does "dumpcap -v" print?
>
>>  xcrp is a network device with
>> special link layer header.  I guess the problem  is libpcap can't
>> figure out what it is.
>
> No, it can figure it out, but it probably doesn't realize that the link-layer header doesn't support a link-layer type field of the type it understands - which means that it won't support a TCP-based or UDP-based filter such as "port 123", as it won't even be able to figure out whether a packet is an IP packet.
>
> Is xcrp a regular network device, or is it a device with special support in libpcap?  If it's a regular network device, what's its ARPHRD_ value?
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>