I'm making progress on my proprietary capture device, and the next step is
to create a dissector. The first stages are OK, but now I'm trying
to capture and dissect packets with my WTAP type.
One of the issues is that there are existing well known protocols
embedded in my captured packets that I want to hand off to pre-existing
dissectors (for example 'frame relay') so I'm capturing the flow and
handing it off in dissect_mytype() using the fragment:
if (pinfo->fd->lnk_t == WTAP_ENCAP_MYTYPE) {
call_dissector(frame_relay_handle, tvb, pinfo, tree);
}
So far so good, but two downsides are:
1/ The Protocol field in the packet list window pane now labels the
packets as 'mytype'. I'd rather see the protocol as 'Frame Relay',
or (more generically) 'whatever the next dissector determines it to be'.
2/ The packet 'decode' pane shows:
> Frame 1 (14 bytes on wire, 14 bytes captured)
> Frame Relay
> Q.933
> MYTYPE
As if 'MYTYPE' was embedded within the frame relay, whereas in
reality, its the other way around. It shouldn't have that 4th
level of decode.
Can anybody tell me what I'm doing wrong, and/or missing?
TIA
Fulko
This document is strictly confidential and intended only for use by the addressee unless otherwise stated. If you are not the intended recipient, please notify the sender immediately and delete it from your system.
