Wireshark-dev: Re: [Wireshark-dev] dissect proprietary hdlc based protocol from SLL

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Tue, 2 Jun 2009 14:42:11 -0600

On Tue, Jun 02, 2009 at 01:34:02PM +0200, Weberhofer, Daniel wrote:

> I need to dissect a proprietary hdlc based protocol. With tcpdump I 
> get the packets as SLL (Linux cooked capture) cap file.

> - but I can't get a dissector table for SSL:

> my_table = DissectorTable.get("sll")

> "sll" is wrong: wireshark displays the error message 
> "DissectorTable_get: No such dissector table"

This is because the SLL dissector does not register a table for the 
LINUX_SLL_ protocol values (which I presume is what you need to register 
in?)  Instead, it is hard-coded in epan/dissectors/packet-sll.c:

/*
 * The LINUX_SLL_ values for "sll_protocol".
 */
#define LINUX_SLL_P_802_3	0x0001	/* Novell 802.3 frames without 
802.2 LLC header */
#define LINUX_SLL_P_802_2	0x0004	/* 802.2 frames (not D/I/X 
Ethernet) */
#define LINUX_SLL_P_PPPHDLC	0x0007	/* PPP HDLC frames */

Does your protocol have its own value similar to the above ones?  I'm 
not familiar with the SLL dissector, but it looks like we could probably 
add a table for these values so you could register into it.


Steve