Re: Enhancement of built-in dissector

[<HPfrommer () hilscher com>]

Hi Guy,

thanks for your feedback, I will request a new LINKTYPE.


-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] Im Auftrag von Guy Harris
Gesendet: Freitag, 26. August 2011 12:09
An: Developer support list for Wireshark
Betreff: Re: [Wireshark-dev] Enhancement of built-in dissector


On Aug 26, 2011, at 2:15 AM, <HPfrommer () hilscher com> wrote:

> some time ago I submitted a patch (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6082) to enhance some features 
> of a built in dissector.
> Unfortunately, nothing happened so far. I know you guys are quite busy, but I would appreciate if someone could check 
> the patch, to have it available with the next releases.

I checked it, and I refuse to check it in for any release - the very notion of a heuristic dissector for the frame 
dissector makes no sense whatsoever, as the contents of the frame depend on the link-layer type of the frame.

As I said in the bug:

The very notion of a heuristic dissector running directly atop the "frame" dissector is nonsensical; the contents of 
the frame depend on the link-layer type of the frame; you don't know whether the frame is an Ethernet frame or an 
802.11 frame or an 802.11 frame with a radiotap header or an 802.11 frame with a PRISM header or a Token Ring frame or 
an FDDI frame or a PPP frame or a BSD loopback interface frame or a raw IP frame or an ATM AAL5 frame with some 
particular flavor of pseudo-header or....

If Hilscher made the huge mistake of putting into a pcap file with a link-layer type of 1 
(LINKTYPE_ETHERNET/DLT_EN10MB) frames that have a netANALYZER-specific header, followed by a regular Ethernet frame, 
that's their mistake, not ours; if they want to put their frames into pcap files, they should request a LINKTYPE_/DLT_ 
value for their packets from tcpdump-workers () lists tcpdump org, and contribute code for Wireshark that adds a new 
WTAP_ENCAP_ value for that LINKTYPE_ value, maps that LINKTYPE_ value to the new WTAP_ENCAP_ value, and adds a 
dissector for that WTAP_ENCAP_ value.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


Hilscher Gesellschaft für Systemautomation mbH
Rheinstr. 15, 65795 Hattersheim
Sitz der Gesellschaft: Hattersheim
Geschäftsführer: Hans-Jürgen Hilscher
Registergericht: Amtsgericht Frankfurt/Main
Handelsregister: Frankfurt B 26873
www.hilscher.com

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe