--- Begin Message ---
Hi,
We currently use this code in our Lua dissector to display (decoded) SIP
messages.

    -- offsets will change with the new LINKTYPE
    if (buf(148,2):uint() == MSG_TYPE_SIP) then
        sadd("src_ip",0,16)
        sadd("src_port",16,2,"uint")
        sadd("dst_ip", 18,16)
        sadd("dst_port",34,2,"uint")
        -- pass the embedded SIP message to Wireshark's built-in SIP dissector
        Dissector.get("sip"):call(buf(msg_start, msg_len):tvb(), pinfo, subtree)
        return
    end

We could theoretically use a different LINKTYPE_ that would just contain the
same SIP information, however it would cause major changes for us, due to the
way logging is realized in our systems.
We had to adapt a legacy logging interface that does not allow us to put those
packages into a different LINKLAYER_ without some major redesign, for which I
do not see any time in the near future.
The pcapng interface we provide only combines network traffic with that one
logging stream.
Best regards
Frank Gorgas-Waller
________________________________
From: Anders Broman <anders.bro...@ericsson.com>
Sent: Thursday, 4 February 2021 10:32:51
To: Michael Richardson; develo...@auerswald.de
Cc: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Request for new LINKTYPE_* code
LINKTYPE_AUERSWALD_LOG
Hi,
You should perhaps take a look at the exported plus link type and Wireshark
sources. It may be doing similar things. New tags could be added.
Regards
Anders
________________________________
From: tcpdump-workers <tcpdump-workers-boun...@lists.tcpdump.org> on behalf of
developer--- via tcpdump-workers <tcpdump-workers@lists.tcpdump.org>
Sent: Thursday, February 4, 2021 10:25:07 AM
To: Michael Richardson <m...@sandelman.ca>
Cc: tcpdump-workers@lists.tcpdump.org <tcpdump-workers@lists.tcpdump.org>
Subject: Re: [tcpdump-workers] Request for new LINKTYPE_* code
LINKTYPE_AUERSWALD_LOG
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
--- End Message ---