Wireshark mailing list archives
Re: Defining a DLT which could be used to dissect any protocol.
From: Guy Harris <guy () alum mit edu>
Date: Tue, 7 Feb 2012 10:38:26 -0800
On Feb 7, 2012, at 6:33 AM, Anders Broman wrote:
How about defining a DLT with a TLV based header which could be used to carry any protocol - a tag would contain the name of the protocol to be called the name would of course have to correspond To the name the dissector has registered in Wireshark - yes this is a weakness an alternative would be to give every protocol a number but that means keeping a registry list. Tags could be defined to carry any extra info needed.
What is the purpose of this? I *REALLY* don't like "generic" link-layer type values that don't cover a specific protocol. If people want multiple different link-layer header types in the same file, that's what pcap-NG is for. Note also that there isn't a one-to-one correspondence between protocol names and dissector names - for example, we have multiple dissectors for Ethernet, depending on whether: we know that the packet includes an FCS; we know that the packet doesn't include an FCS; we don't know whether it includes an FCS or not. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Defining a DLT which could be used to dissect any protocol. Anders Broman (Feb 07)
- Re: Defining a DLT which could be used to dissect any protocol. Martin Mathieson (Feb 07)
- Re: Defining a DLT which could be used to dissect any protocol. Guy Harris (Feb 07)
- Re: Defining a DLT which could be used to dissect any protocol. Anders Broman (Feb 07)