Wireshark mailing list archives
IPoIB dissector: snoop file vs pcap data
From: Petr Sumbera <petr.sumbera () oracle com>
Date: Fri, 18 Mar 2016 17:00:46 +0100
Hi, at this moment Wireshark can read snoop files with IPoIB[1] data: https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-ipoib.cI'm working on extending it to support also data as they come from PCAP on Solaris (at this moment Solaris generates data with DLT_USER15 which need to be fixed anyway).
Unfortunately there is for some unknown reason following difference: Snoop contains: IPoIB header [4 bytes] IP data PCAP data contains: GRH Header (multicast) or just 20 bytes address (unicast) [40 bytes] IPoIB header [4 bytes] IP dataWith Wireshark 1.12 I was considering to distinguish between these two data in dissector via pinfo->file_type_subtype. But with Wireshark 2.0 it doesn't seem to be possible any more (file_type_subtype is not available in dissector).
What would you recommend me here?Or should I rather apply for completely different DLT_ value and create new dissector?
Thanks, Petr [1] https://tools.ietf.org/html/rfc4391 ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- IPoIB dissector: snoop file vs pcap data Petr Sumbera (Mar 18)
- Re: IPoIB dissector: snoop file vs pcap data Guy Harris (Mar 18)