Ethereal-dev: Re: [Ethereal-dev] WTAP_ENCAP_PER_PACKET for PCAP files?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 28 Oct 2003 13:55:50 -0800

On Oct 28, 2003, at 7:18 AM, Jeff Morriss wrote:
I was updating the RawSS7 dissector to have just the embedded protocol/LINKTYPE_ (e.g., removing the length) when I came across WTAP_ENCAP_PER_PACKET--which is exactly what the RawSS7 dissector looks like now. The 'mergecap' man page says PCAP files don't support WTAP_ENCAP_PER_PACKET, but I looked into extending wiretap's libpcap routines to deal with it
...which means, in effect, extending libpcap format, albeit through a bit of a hack. 


 and it didn't seem too hard.
Well, what I have in mind for a next-generation libpcap format includes adding some additional information to the per-packet header - but what I had in mind was an interface index, not a link-layer type. The file would have a list of network interfaces, with various attributes - at minimum, an interface index number and a link-layer type (the interface index number is supplied in case, for whatever reason, the interface indices in the capture aren't a dense set of integers starting at 0), and also perhaps names and descriptions (optional parameters).
Would that work for SS7? If so, perhaps we should stick with the RawSS7 for now, and adopt the next-generation libpcap format as soon as it's final (I intend it to be an extensible format, with TLV-based per-file, per-packet, etc. attributes, so "final" just means "good enough to implement in libpcap and Wiretap, and good enough to build upon").