Wireshark-dev: [Wireshark-dev] encapsulation type for layer 1 messages (strings)

From: Rolf Fiedler <rolf.fiedler@xxxxxxxxxxxxx>
Date: Thu, 03 Apr 2008 16:29:45 +0200

Hi everyone,

I am currently working on modifying the wiretap modules for EyeSDN
traces to use WTAP_ENCAP_PER_PACKET, which is working nicely
(Q.931/DSS1, SS7/MTP2, PPP, X.25 and ATM support on the way for these
traces).

However, there is one thing I can not match to the ENCAP types at the
moment (maybe because I am too stupid to find this). In these traces
there are layer 1 messages like "Frame Synchronisation Lost", "Alarm
Indicator", "G.704 Lock" etc.
These messages are put in the trace file as plain text. And these frames
are marked as Layer 1 message frames to distuingish them from the actual
captured data. So far I just skip these frames...

What I would like to do is mark these frames as "WTAP_ENCAP_PLAIN_TEXT"
or similar and just let wireshark print the frame contents as ASCII to
the decoder window and at the left (protocol) side of the frame list.

Is there already a dissector which does this? If so, which ENCAP type
would I need to specify for these frames.

If not, is it ok if I add such a WTAP_ENCAP_* type and the dissector for
doing this? Would such a patch be accepted?

Kind regards,
Rolf