Skip to content

Adding New Linktypes

Jump to bottom
salcock edited this page Sep 8, 2014 · 1 revision

Steps for adding full support for a new Link type to libtrace:

  1. Get a TRACE_TYPE assigned and add it to libtrace.h

  2. Add conversions to/from your linktype

    • If your linktype is supported by pcap:
      • Add LIBTRACE_DLT of the correct number to libtrace.h
      • Add your new TRACE_TYPE to libtrace_to_pcap_dlt/pcap_dlt_to_libtrace
    • If your linktype is supported by ERF
      • Add TYPE_* of the correct number to libtrace.h
      • Add your new TRACE_TYPE to libtrace_to_erf_type/erf_type_to_libtrace
    • If your linktype is supported by the Linux kernel:

      • Add your linktype to linuxnative_get_link_type. ARPHRD's are defined in <net/if_arp.h>. If your linktype is too new to exist in that header, consider having

          #ifndef ARPHRD_foo
  #define ARPHRD_foo 1337
  #endif

  3. Add a structure to parse your linktype to libtrace.h with a name "libtrace__yourlinktype__t"

  4. Add trace_get_payload_from__yourlinktype_ to protocols_l2.c, and add code to trace_get_payload_from_layer2() to understand your linktype. If you would like your new function to be part of the libtrace API, add a prototype and documentation to libtrace.h.in.

  5. Add a protocol description to libpacketdump/

Clone this wiki locally