Wireshark mailing list archives
Re: How to add a wtap encapsulation?
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Wed, 13 Oct 2010 11:43:40 -0400
Yo Mismo wrote:
I want to add a wtap encapsulation for a new link layer protocol. I have added the name and abrev to encap_type_info encap_table_base in wtap.c and also in wtap.h I have added it (#define WTAP_ENCAP_XXX 127) The dissector reg handoff calls dissector_add("wtap_encap", WTAP_ENCAP_XXX , xxx_handle); But when I open a captured file, the dissector don't works and it shows WTAP ENCAP = 0 in the info column When I use for example dissector_add("wtap_encap", 0 , xxx_handle); the dissector works fine, so I think it's a problem with the definition for encapsulation. What I'm doing wrong?
The WTAP_ENCAP numbers are NOT equal to the PCAP DLT numbers. There is a mapping between the two in pcap-common.c. Of course (to reiterate what Chris said) you MUST first get a new PCAP DLT number from tcpdump-workers OR use one of the "USER" ones. It's very easy to do and will save everyone a lot of headaches. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- How to add a wtap encapsulation? Yo Mismo (Oct 13)
- Re: How to add a wtap encapsulation? Christopher Maynard (Oct 13)
- Re: How to add a wtap encapsulation? Jeff Morriss (Oct 13)
- Re: How to add a wtap encapsulation? Guy Harris (Oct 13)
- <Possible follow-ups>
- Re: How to add a wtap encapsulation? Yo Mismo (Oct 14)
- Re: How to add a wtap encapsulation? Guy Harris (Oct 14)