IPoIB dissector: snoop file vs pcap data

[Petr Sumbera <petr.sumbera () oracle com>]

Hi,

at this moment Wireshark can read snoop files with IPoIB[1] data:

https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-ipoib.c

I'm working on extending it to support also data as they come from PCAP 
on Solaris (at this moment Solaris generates data with DLT_USER15 which 
need to be fixed anyway).

Unfortunately there is for some unknown reason following difference:

Snoop contains:
IPoIB header [4 bytes]
IP data

PCAP data contains:
GRH Header (multicast) or just 20 bytes address (unicast) [40 bytes]
IPoIB header [4 bytes]
IP data

With Wireshark 1.12 I was considering to distinguish between these two 
data in dissector via pinfo->file_type_subtype. But with Wireshark 2.0 
it doesn't seem to be possible any more (file_type_subtype is not 
available in dissector).

What would you recommend me here?

Or should I rather apply for completely different DLT_ value and create 
new dissector?

Thanks,

Petr

[1] https://tools.ietf.org/html/rfc4391
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe