Wireshark-dev: Re: [Wireshark-dev] SNA Trace on VMS
From: Guy Harris <[email protected]>
Date: Fri, 10 Nov 2006 16:38:16 -0800
On Nov 10, 2006, at 8:34 AM, [email protected] wrote:
I guess that for the SNA trace file I'll need a vms_sna.c, vms_open_sna() and a link to ms_open_sna() from file_access.c. But will I need to add a new WTAP_ENCAP_SNA?
What information is in those traces?

I.e., at what protocol layer do they start? If this is SNA-over-SDLC (i.e., over some sort of serial link), does it start with SDLC, or with the protocol running atop SDLC (the one described at
	http://www.protocols.com/pbook/sna.htm#SNA

)? If this is SNA-over-Ethernet or SNA-over-Token Ring or SNA-over- {fill in the IEEE 802-style network}, does it start with Ethernet or Token Ring or..., or does it start with the protocol running atop that?
If it starts with SDLC or Ethernet or Token Ring or..., you'd use the  
appropriate encapsulation for that (WTAP_ENCAP_SDLC,  
WTAP_ENCAP_ETHERNET, WTAP_ENCAP_TOKEN_RING, etc.).
If it starts with the protocol running atop SDLC or Ethernet or...,  
you'd need to add a new WTAP_ENCAP_SNA, and use that.
And I don't understand how I build the links to the existing SNA modules in packet-sna.c or even packet-sdlc.c!
If the lowest protocol layer in the capture is SDLC, returning WTAP_ENCAP_SDLC is sufficient to get the module in packet-sdlc.c to be called; the same applies, *mutatis mutandis*, for WTAP_ENCAP_ETHERNET, WTAP_ENCAP_TOKEN_RING, etc..
If the lowest protocol layer in the capture is the protocol running  
atop SDLC/Ethernet/etc., then you'd have to modify  
"proto_reg_handoff_sna()" in packet-sna.c to do
	dissector_add("wtap_encap", WTAP_ENCAP_SNA, sna_handle);

after adding WTAP_ENCAP_SNA and having your code return it as the link- layer encapsulation.
(BTW, I'd recommend having this code read the raw traces, if at all  
possible; digging through text files is a bit of a pain.