Wireshark-dev: Re: [Wireshark-dev] Help understanding Epan's dissectors

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Mon, 30 Oct 2006 07:40:14 +0100 (CET)
Hi,

Good question. For the answer you have to search further up the call
chain. Let's see:
file.c:add_packet_to_packet_list()
epan/epan.c:epan_dissect_run()
epan/packet.c:dissect_packet()
epan/dissectors/packet-frame.c:dissect_frame()

So when reading packets from a capture file, metadata (like wtap_encap) is
available, passed along with it for the frame dissector to use. It's up to
the capture engine writing this capture file metadata to put the right
stuff in there.

Thanx,
Jaap

On Sun, 29 Oct 2006 angustia@xxxxxxxxxxxxxxxxxx wrote:

> Hello,
>
> I've been studying Wireshark's source code for a while, but there's
> something I still don't understand. It's specifically about the inner
> workings of Epan. How does one dissector know and decide which
> subdissector is the correct one?
>
> Such as, how does "frame" know which "wtap_encap" is the correct one?
> Are there any probe functions around that I am missing?
>
> Thanks,
> Ramiro Polla
>
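
As an added illustration (not part of the original thread and not Wireshark source): a simplified C model of the dispatch described above, where the link-layer type stored in a pcap file header selects the sub-dissector by table lookup and no payload probing takes place. All function names are hypothetical, and keying the table on the raw pcap link type (1 = Ethernet) instead of a wtap_encap value is a simplification.

```c
/* Simplified model, not Wireshark source; every name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef const char *(*dissector_fn)(const uint8_t *data, size_t len);

static const char *dissect_eth(const uint8_t *d, size_t n)  { (void)d; return n >= 14 ? "eth" : "malformed"; }
static const char *dissect_data(const uint8_t *d, size_t n) { (void)d; (void)n; return "data"; }

/* Dissector table keyed by the encapsulation value, filled at registration time. */
struct encap_entry { uint32_t encap; dissector_fn fn; };
static struct encap_entry encap_table[8];
static size_t encap_count;

static int encap_register(uint32_t encap, dissector_fn fn) {
    if (encap_count == sizeof encap_table / sizeof encap_table[0]) return -1;
    encap_table[encap_count++] = (struct encap_entry){ encap, fn };
    return 0;
}

/* Read the link-layer type from a 24-byte pcap global header (file metadata). */
static int pcap_linktype(const uint8_t *hdr, size_t len, uint32_t *out) {
    uint32_t magic, net;
    if (len < 24) return -1;                 /* truncated header: refuse */
    memcpy(&magic, hdr, 4);
    memcpy(&net, hdr + 20, 4);
    if (magic == 0xa1b2c3d4u) { *out = net; return 0; }
    if (magic == 0xd4c3b2a1u) {              /* written with the opposite byte order */
        *out = (net >> 24) | ((net >> 8) & 0xff00u) | ((net << 8) & 0xff0000u) | (net << 24);
        return 0;
    }
    return -1;                               /* not a classic pcap file */
}

/* "Frame" level: a table lookup on the metadata, not a probe of packet bytes. */
static const char *frame_dissect(uint32_t encap, const uint8_t *pkt, size_t len) {
    for (size_t i = 0; i < encap_count; i++)
        if (encap_table[i].encap == encap) return encap_table[i].fn(pkt, len);
    return dissect_data(pkt, len);           /* unregistered value: generic fallback */
}

int main(void) {
    uint8_t hdr[24] = { 0xd4, 0xc3, 0xb2, 0xa1, [20] = 1 };  /* constructed header */
    uint8_t pkt[14] = { 0 };                                  /* constructed frame */
    uint32_t encap;
    encap_register(1, dissect_eth);
    if (pcap_linktype(hdr, sizeof hdr, &encap) == 0) puts(frame_dissect(encap, pkt, sizeof pkt));
    return 0;
}
```

Because the encapsulation value comes from the file rather than from the packet bytes, the lookup falls back to a generic handler for any value that was never registered, and each sub-dissector still checks the length it is given.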