Wireshark mailing list archives
Re: Enhancement of built-in dissector
From: Guy Harris <guy () alum mit edu>
Date: Fri, 26 Aug 2011 03:08:55 -0700
On Aug 26, 2011, at 2:15 AM, <HPfrommer () hilscher com> wrote:
some time ago I submitted a patch (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6082) to enhance some features of a built in dissector. Unfortunately, nothing happened so far. I know you guys are quite busy, but I would appreciate if someone could check the patch, to have it available with the next releases.
I checked it, and I refuse to check it in for any release - the very notion of a heuristic dissector for the frame dissector makes no sense whatsoever, as the contents of the frame depend on the link-layer type of the frame. As I said in the bug: The very notion of a heuristic dissector running directly atop the "frame" dissector is nonsensical; the contents of the frame depend on the link-layer type of the frame; you don't know whether the frame is an Ethernet frame or an 802.11 frame or an 802.11 frame with a radiotap header or an 802.11 frame with a PRISM header or a Token Ring frame or an FDDI frame or a PPP frame or a BSD loopback interface frame or a raw IP frame or an ATM AAL5 frame with some particular flavor of pseudo-header or.... If Hilscher made the huge mistake of putting into a pcap file with a link-layer type of 1 (LINKTYPE_ETHERNET/DLT_EN10MB) frames that have a netANALYZER-specific header, followed by a regular Ethernet frame, that's their mistake, not ours; if they want to put their frames into pcap files, they should request a LINKTYPE_/DLT_ value for their packets from tcpdump-workers () lists tcpdump org, and contribute code for Wireshark that adds a new WTAP_ENCAP_ value for that LINKTYPE_ value, maps that LINKTYPE_ value to the new WTAP_ENCAP_ value, and adds a dissector for that WTAP_ENCAP_ value. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Enhancement of built-in dissector HPfrommer (Aug 26)
- Re: Enhancement of built-in dissector Guy Harris (Aug 26)
- Re: Enhancement of built-in dissector HPfrommer (Aug 30)
- Re: Enhancement of built-in dissector Guy Harris (Aug 26)