On Sep 25, 2009, at 1:32 PM, Brad Guillory wrote:
So unless we are on an OpenBSD machine we will never have DLT_ENC ==
13.
Yes. (I'm the person who put that stuff into pcap/bpf.h.)
I also don't see code that would allow for DLT_ATM_RFC1483 to be
set to 13.
Not having access to any BSD/OS systems, I didn't do anything for it -
I probably should have, but as BSD/OS was discontinued a few years
ago, I probably won't bother unless some BSD/OS user complains on
tcpdump-workers or the libpcap SourceForge bug database.
I am recompiling now to make sure that it will fix my problem; but I
can't see why it wouldn't.
It appears to have fixed the problem - I was able to read the file on
my Mac - and also let me clean up some special hacks to deal with a
link-layer type of 13 on captures from some device running Nokia's
IPSO (FreeBSD-based) OS. (The hacks are still necessary - thanks a
lot, Ipsilon/Nokia, for not picking a different magic number for your
non-standard libpcap format - but at least they're simpler.)
I've checked that change into the main branch. We might want to put
it into Wireshark 1.2.3 (and, if we release one, 1.0.10).