Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Enhancement of built-in dissector

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: <HPfrommer@xxxxxxxxxxxx>
Date: Tue, 30 Aug 2011 16:09:47 +0200
Hi Guy,

thanks for your feedback, I will request a new LINKTYPE.


-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Guy Harris
Gesendet: Freitag, 26. August 2011 12:09
An: Developer support list for Wireshark
Betreff: Re: [Wireshark-dev] Enhancement of built-in dissector


On Aug 26, 2011, at 2:15 AM, <HPfrommer@xxxxxxxxxxxx> wrote:

> some time ago I submitted a patch (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6082) to enhance some features of a built in dissector.
> Unfortunately, nothing happened so far. I know you guys are quite busy, but I would appreciate if someone could check the patch, to have it available with the next releases.

I checked it, and I refuse to check it in for any release - the very notion of a heuristic dissector for the frame dissector makes no sense whatsoever, as the contents of the frame depend on the link-layer type of the frame.

As I said in the bug:

The very notion of a heuristic dissector running directly atop the "frame" dissector is nonsensical; the contents of the frame depend on the link-layer type of the frame; you don't know whether the frame is an Ethernet frame or an 802.11 frame or an 802.11 frame with a radiotap header or an 802.11 frame with a PRISM header or a Token Ring frame or an FDDI frame or a PPP frame or a BSD loopback interface frame or a raw IP frame or an ATM AAL5 frame with some particular flavor of pseudo-header or....

If Hilscher made the huge mistake of putting into a pcap file with a link-layer type of 1 (LINKTYPE_ETHERNET/DLT_EN10MB) frames that have a netANALYZER-specific header, followed by a regular Ethernet frame, that's their mistake, not ours; if they want to put their frames into pcap files, they should request a LINKTYPE_/DLT_ value for their packets from tcpdump-workers@xxxxxxxxxxxxxxxxx, and contribute code for Wireshark that adds a new WTAP_ENCAP_ value for that LINKTYPE_ value, maps that LINKTYPE_ value to the new WTAP_ENCAP_ value, and adds a dissector for that WTAP_ENCAP_ value.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


Hilscher Gesellschaft für Systemautomation mbH
Rheinstr. 15, 65795 Hattersheim
Sitz der Gesellschaft: Hattersheim
Geschäftsführer: Hans-Jürgen Hilscher
Registergericht: Amtsgericht Frankfurt/Main
Handelsregister: Frankfurt B 26873
www.hilscher.com
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube