>> actually, it oughta be simpler than you think. provided that all the
>> functions that may end up being returned from lookup_printer() set
>> packetp and snapend (as it seems they do), then one could simply
>> change default_print_unaligned as follows:
>
>Unfortunately, they don't all set "packetp" to the right value - to
>quote the comment that appears in many print-XXX.c files:
>
> /*
> * Actually, the only printers that use packetp are print-arp.c
> * and print-bootp.c, and they assume that packetp points to an
> * Ethernet header. The right thing to do is to fix them to know
> * which link type is in use when they excavate. XXX
> */
>
>The claim in question is not, in fact, true of "print-arp.c", but it is
>...
well...drat!
okay...how about if instead of
} else {
printer = lookup_printer(pcap_datalink(pd));
pcap_userdata = 0;
}
we had something like
} else {
printer = generic_printer(pcap_datalink(pd));
pcap_userdata = 0;
}
and
void
generic_printer(u_char *user _U_, const struct pcap_pkthdr *h, const u_char *p)
{
static pcap_handler dlt_printer = NULL;
if (dlt_handler == NULL)
dlt_handler = generic_printer(pcap_datalink(pd));
packet_start = p;
packet_len = h->caplen;
(*dlt_printer)(_U_, h, p);
/* handle -x here? */
}
the framework is all there to stuff another slim layer in between the
per-dlt printer and the pcap library. the only tricky bit might be
for those dlt printers that do the -x output by default. we don't
need two copies printed.
--
|-----< "CODE WARRIOR" >-----|
[EMAIL PROTECTED] * "ah! i see you have the internet
[EMAIL PROTECTED] (Andrew Brown) that goes *ping*!"
[EMAIL PROTECTED] * "information is power -- share the wealth."
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
