++++++++++++++++++++++++++++++++++++++
<!-- WSDG Chapter Capture -->
++++++++++++++++++++++++++++++++++++++

This chapter needs to be reviewed and extended.

[[ChCaptureAddLibpcap]]

=== How to add a new capture type to libpcap

The following is an updated excerpt from a developer mailing list mail about
adding ISO 9141 and 14230 (simple serial line card diagnostics) to Wireshark:

For libpcap, the first thing you'd need to do would be to get +$$DLT_*$$+ values
for all the link-layer protocols you'd need. If ISO 9141 and 14230 use the same
link-layer protocol, they might be able to share a +$$DLT_*$$+ value, unless the
only way to know what protocols are running above the link layer is to know
which link-layer protocol is being used, in which case you might want separate

For the rest of the libpcap discussion, I'll assume you're working with libpcap
1.0 or later and that this is on a UN*X platform. You probably don't want to
work with a version older than 1.0, even if whatever OS you're using happens to
include libpcap - older versions are not as friendly towards adding support for
devices other than standard network interfaces.

Then you'd probably add to the +pcap_open_live()+ routine, for whatever
platform or platforms this code should work, something such as a check
for device names that look like serial port names and, if the check
succeeds, a call to a routine to open the serial port.

See, for example, the +#ifdef HAVE_DAG_API+ code in 'pcap-linux.c' and

The serial port open routine would open the serial port device, set the baud
rate and do anything else needed to open the device. It'd allocate a +pcap_t+,
set its +fd+ member to the file descriptor for the serial device, set the
+snapshot+ member to the argument passed to the open routine, set the +linktype+
member to one of the +$$DLT_*$$+ values, and set the +selectable_fd+ member to
the same value as the +fd+ member. It should also set the +dlt_count+ member to
the number of +$$DLT_*$$+ values to support, and allocate an array of
+dlt_count+ +u_int+s, assign it to the +dlt_list+ member, and fill in that list
with all the +$$DLT_*$$+ values.

You'd then set the various +$$*_op$$+ fields to routines to handle the operations in
question. +read_op+ is the routine that'd read packets from the device. +inject_op+
would be for sending packets; if you don't care about that, you'd set it to a
routine that returns an error indication. +setfilter_op+ can probably just be set
to +install_bpf_program+. +set_datalink+ would just set the +linktype+ member to the
specified value if it's one of the values for OBD, otherwise it should return an
error. +getnonblock_op+ can probably be set to +pcap_getnonblock_fd+. +setnonblock_op+
can probably be set to +pcap_setnonblock_fd+. +stats_op+ would be set to a routine
that reports statistics. +close_op+ can probably be set to +pcap_close_common+.

If there's more than one +$$DLT_*$$+ value, you definitely want a +set_datalink+
routine so that the user can select the appropriate link-layer type.

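
The following C sketch is an added example, not libpcap code: it models the +pcap_t+ members named above in a simplified stand-in struct and shows the open routine filling them in, a +set_datalink+ routine that accepts only values present in +dlt_list+, and an inject routine that returns an error indication. The names +obd_pcap+, +obd_open+, +DLT_OBD_9141+ and +DLT_OBD_14230+ are hypothetical, the two numeric values are libpcap's private-use +DLT_USER0+ and +DLT_USER1+ numbers used as placeholders, and the serial descriptor is assumed to be already opened and configured.

```c
#include <stdlib.h>
#include <string.h>

/* Placeholder link-layer types: 147 and 148 are libpcap's private-use
 * DLT_USER0/DLT_USER1 numbers; real DLT_* values must be assigned. */
#define DLT_OBD_9141  147   /* hypothetical name */
#define DLT_OBD_14230 148   /* hypothetical name */

/* Simplified stand-in for the pcap_t members named in the text. */
struct obd_pcap {
    int fd, selectable_fd, snapshot, linktype;
    int dlt_count;
    unsigned int *dlt_list;
    char errbuf[128];
    int (*inject_op)(struct obd_pcap *, const void *, size_t);
    int (*set_datalink_op)(struct obd_pcap *, int);
};

/* Sending is not supported: always report an error. */
static int obd_inject(struct obd_pcap *p, const void *buf, size_t len) {
    (void)buf; (void)len;
    strcpy(p->errbuf, "sending packets is not supported on OBD devices");
    return -1;
}

/* Accept only link-layer types advertised in dlt_list. */
static int obd_set_datalink(struct obd_pcap *p, int dlt) {
    for (int i = 0; i < p->dlt_count; i++)
        if (p->dlt_list[i] == (unsigned int)dlt) { p->linktype = dlt; return 0; }
    strcpy(p->errbuf, "link-layer type not supported on this device");
    return -1;
}

/* fd: an already opened and configured serial descriptor (assumption). */
struct obd_pcap *obd_open(int fd, int snaplen) {
    struct obd_pcap *p = calloc(1, sizeof(*p));
    if (p == NULL) return NULL;
    p->dlt_count = 2;
    p->dlt_list = malloc(p->dlt_count * sizeof(*p->dlt_list));
    if (p->dlt_list == NULL) { free(p); return NULL; }
    p->dlt_list[0] = DLT_OBD_9141;
    p->dlt_list[1] = DLT_OBD_14230;
    p->fd = p->selectable_fd = fd;   /* selectable_fd mirrors fd */
    p->snapshot = snaplen;
    p->linktype = DLT_OBD_9141;      /* default; changeable via set_datalink */
    p->inject_op = obd_inject;
    p->set_datalink_op = obd_set_datalink;
    return p;
}
```
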
For Wireshark, you'd add support for those +$$DLT_*$$+ values to
'wiretap/libpcap.c', which might mean adding one or more +WTAP_ENCAP+ types to
'wtap.h' and to the +$$encap_table[]$$+ table in 'wiretap/wtap.c'. You'd then
have to write a dissector or dissectors for the link-layer protocol or
protocols and have them register themselves with the +wtap_encap+ dissector
table, with the appropriate +WTAP_ENCAP+ values, by calling
+dissector_add_uint()+.

++++++++++++++++++++++++++++++++++++
<!-- End of WSDG Chapter Capture -->
++++++++++++++++++++++++++++++++++++