On Jan 17, 2011, at 8:11 AM, Jens Grimmer wrote: > Hi wireshark community,
(Actually, this list is more like "the tcpdump and libpcap community", but, not surprisingly, there's some overlap between the two communities.) > I would like to ask for a new encapsulation type for libpcap files > (WTAP_ENCAP_xx as well as DLT_xx value). WCAP_ENCAP_ values aren't necessarily fixed values; unlike LINKTYPE_ values, they don't appear in files. There's no reservation-in-advance procedure for them; you'd get a new one when contributing a Wireshark dissector patch. DLT_ values and the corresponding LINKTYPE_ values are assigned here by tcpdump.org, as the LINKTYPE_ value *does* appear in files. > [note: If I'm not wrong we would nee a new, unique DLT_NG40 (>=230) value in > pcap/bpf.h as well as new WTAP_ENCAP_NG40 (>=129) and WTAP_FILE_NG40 (>=61) > in wiretap/wtap.h. > - Sure these values need to bee unique, so I have to ask to get them > reserved.] > > I'm a developer at the NG4T GmbH – a start-up in Berlin, Germany founded by > former Tektronix employees. We provide protocol test software, mainly running > on Linux machines. For a customer project we have to integrate ATM > hard/software which is not yet supported by libpcap/wireshark. Especially for > AAL2 and AAL5 monitoring we have to provide additional context information. > In the past weeks I prepared (locally) a couple of files (for libpcap and > wireshark). What are the next steps to get these enhancements and new files > into the common development cycle for common use? The first step is to assign the DLT_/LINKTYPE_ value; after that, just submit patches for libpcap to [email protected] or the libpcap SourceForge site's tracker, and submit patches for Wireshark to [email protected] or the Wireshark Bugzilla. > If you need more information, please send me a mail. > > [note: The network interface card is the XS2010 card from Xalyo (a company in > Switzerland) which carries ATM traffic. From my knowledge this card is not > yet supported by libpcap/wireshark. Currently we have to monitor mainly AAL5 > traffic (e.g..: here we have to provide channel information like VPI,VCI) and > AAL2 traffic (e.g.: here we have to provide VPI,VCI, CID and additional > context information to the FP dissector like channel type, division, > direction – similar to the information provided by the Tektronix K12). So presumably the packet data begins with a pseudo-header with that information; could you give a description of that pseudo-header? > I checked out the libpcap and wireshark projects from svn. (Presumably you mean "I checked out the libpcap project from Git and the Wireshark project from SVN"; libpcap and tcpdump went from CVS to Git without stopping at SVN first.) > For the pcap library I wrote a new pcap-ng40.c/h similar to the pcap-dag.c/h. > For wireshark I made new epan/dissectors/packet-ng40.c/h and put the > necessary calls to file_access.c, pcap-common.c, wtap.c and defined the > pseudo- header-structure in wtap.h. So far on my test machines the modified > pcap-libray as well wireshark are running fine under 32bit and 64bit > Debian-Linux. Nevertheless I have to do some enhancements the next days. So I > expect to have a 'check-in candidate' about end of January. For sure, all > software we provide to integrate this card, is GNU public licensed.] libpcap (and tcpdump) are under a BSD license - it's currently mostly the 4-clause BSD license, which is considered incompatible with the GPL: http://www.gnu.org/licenses/gpl-faq.html#OrigBSD Even if it were converted to the 3-clause BSD license, it might be better if the libpcap changes were BSD-licensed - Michael? (Wireshark is GPLv2, so code for it should be GPLv2-licensed.)- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
