Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4804] Data Link Layer (encapsulation) Type Request for LAP

Date: Sat, 29 May 2010 15:12:02 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4804

Guy Harris <guy@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
           Platform|x86                         |All
         Resolution|                            |INVALID
         OS/Version|Windows XP                  |All

--- Comment #2 from Guy Harris <guy@xxxxxxxxxxxx> 2010-05-29 15:11:59 PDT ---
We already have dissectors for some V5.2 protocols; see
epan/dissectors/packet-v52.c.  I assume that LAPV5 is a lower-level protocol
and not implemented yet in Wireshark.

If you plan to save LAPV5 traffic in a pcap or pcap-ng file, you will first
need to get a DLT_ value assigned to LAPV5 - you cannot pick your own DLT_
values, you must ask tcpdump.org for one, as Jaap indicates.  (If you pick your
own, and tcpdump.org assigns that number to some other link-layer type,
Wireshark will support the link-layer type that was assigned that number by
tcpdump.org; we will not accept any changes that use it for other purposes,
even if that's done with a preference.)

Once you've done that, you will need to add a WTAP_ENCAP_ value for LAPV5; see
wiretap/wtap.h.  Then you will need to add an entry for the new DLT_ value and
the new WTAP_ENCAP_ value to the pcap_to_wtap_map[] table - it's in
wiretap/pcap-common.c in the current development tree.  (I forget whether it's
there or in wiretap/libpcap.c in the 1.2.x branch.)

Then your LAPV5 dissector would register itself in the "wtap_encap" dissector
table, using your new WTAP_ENCAP_ value.

This should really be discussed in the wireshark-dev@xxxxxxxxxxxxx mailing
list, not in a bug; I'll close this bug (as most of the code for this would be
written by you, not by the Wireshark developers).

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.