Wireshark mailing list archives

Dissecting protocol running under UDP


From: Beth <beth.tridium () gmail com>
Date: Mon, 12 Oct 2009 12:29:48 -0400

I am working with a plugin dissector that handles a protocol running under
IEEE 802.15.4.  The source code for this dissector (written by someone else)
combines the 802.15.4 dissection with the other protocol.  I am attempting
to split the existing plugin into a separate plugin for the other protocol,
and use it with the Wireshark builtin 802.15.4 dissector instead of the
homegrown one.

Here is the hitch I have encountered:  The sniffer I was given encapsulates
the 802.15.4 packets as UDP payloads.  The plugin I'm working on adds itself
to the "udp.port" dissector list for the appropriate port#, but the builtin
802.15.4 dissector only adds itself to "ethertype".

Can someone advise me on the best way to proceed from here?  I see the
following options:

1. Give up on using the builtin 802.15.4 dissector, just keep using the one
I have.

2. Modify the builtin dissector so that it adds itself to "udp.port" instead
of "ethertype".  (Which means I will no longer be able to distribute just
the plugins to other users of this protocol; they will need the modified
Wireshark build as well.)

3. Find a way to modify the builtin dissector so that it works for this
sniffer *without* affecting how it works for everyone else, and submit the
patch for approval.  (Would only do this if it were likely that others might
need a similar feature.)

I have no experience with sniffers other than this one (and don't know much
about this one either). Is it common to represent wireless packets as
payloads of another network layer?

Thanks,
b.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>