Re: How to add a wtap encapsulation?

[Jeff Morriss <jeff.morriss.ws () gmail com>]

Yo Mismo wrote:
> I want to add a wtap encapsulation for a new link layer protocol. I have 
> added the name and abrev to encap_type_info encap_table_base in wtap.c 
> and also in wtap.h I have added it (#define WTAP_ENCAP_XXX   127)
>  
> The dissector reg handoff calls
> dissector_add("wtap_encap", WTAP_ENCAP_XXX , xxx_handle);
>  
> But when I open a captured file, the dissector don't works and it shows 
> WTAP ENCAP = 0 in the info column
>  
>  
>  
> When I use for example
> dissector_add("wtap_encap", 0 , xxx_handle);
>  the dissector works fine, so I think it's a problem with the definition 
> for encapsulation. What I'm doing wrong?

The WTAP_ENCAP numbers are NOT equal to the PCAP DLT numbers.  There is 
a mapping between the two in pcap-common.c.

Of course (to reiterate what Chris said) you MUST first get a new PCAP 
DLT number from tcpdump-workers OR use one of the "USER" ones.  It's 
very easy to do and will save everyone a lot of headaches.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe