Fulko Hew wrote:
a given capture will only ever have a single protocol within it,
but since the header is common for all protocols, I thought it was
better to
ask for a single DLT instead rather than one DLT per protocol.
Not necessarily - DLTs are cheap, and Wireshark already has, for
example, a WTAP_ENCAP_FRELAY_WITH_PHDR encapsulation type. It currently
assumes a pseudo-header with less information than your pseudo-header
will provide, but that pseudo-header can be generalized in a way to
indicate which pieces of information it has. Its WTAP_ENCAP_LAPB
already assumes a pseudo-header with direction information; again, that
could be extended.
That'd be a bit more work, but I can help with that.
(Sigh. I wish pcap-NG and the supporting code were done; it already
has, in the packet metadata header, along with the time stamp and
lengths, a direction indicator and 16 bits of "link-layer-dependent
errors" which could be used for the error/status bits and possibly
signal line status - it also has 7 reserved bits that might be usable
for that.)
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.