Wireshark-dev: Re: [Wireshark-dev] Start Dissection from an upper layer?

From: Guillaume Bienkowski <guillaume.bienkowski@xxxxxxxxxxxx>
Date: Tue, 10 Jun 2008 15:57:11 +0200
Hello,

I *kind of* get what you mean, but I really don't know how to do that.

Let me explain what I do:
I use the wireshark library to analyze the packets I send it. The main call to the library is done in my code through:
 epan_dissect_run(edt, &pseudo_header, FakePacket , &fdata, 0);

where FakePacket is a u_char pointer to a memory place where I have the packet I'd like to analyze.

After that, FakePacket is changed to point to a new packet which has to be analyzed as well.

What I know is that my packet data will always contain ONLY the 2nd layer data (Ethernet) and the encapsulated data (TCP, UDP, ...).

Then what should I do? Modify the packet-eth.c to change the "wtap_encap" type?
How can I do that? What constant should I choose then?

Thanks in advance,

Guillaume


Gilbert Ramirez wrote:

How do the 2nd-layer dissectors get called normally? Because they
register themselves with Wireshark, saying that if "wtap_encap" (the
wiretap encapsulation) is a certain type, then call them.

for example, from packet-eth.c:

dissector_add("wtap_encap", WTAP_ENCAP_ETHERNET, eth_maybefcs_handle);

By whatever method you're feeding your packet traces into Wireshark,
if you can cause the wiretap encapsulation type to be a new value that
you create, WTAP_ENCAP_IPX, then you can modify packet-ipx.c to
register itself against "wtap_encap" == WTAP_ENCAP_IPX.  Then the
dissection will start at the IPX level.

--gilbert
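
The dispatch mechanism discussed in this thread, as an added example that is not part of the original messages and is not Wireshark code. It is a stand-alone model that does not link against libwireshark: `model_dissector_add`, `model_dissect`, the `ENCAP_*` values and the sample frame are all constructed for illustration. It shows that the encapsulation value alone decides which dissector reads byte 0, and that each handler checks lengths before touching the buffer.

```c
/* Model of dispatch through a "wtap_encap" table. Not libwireshark code:
 * the table, handlers and ENCAP_* values are constructed for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { ENCAP_ETHERNET = 1, ENCAP_IPX = 2, ENCAP_MAX = 8 };  /* hypothetical */
typedef const char *(*dissector_t)(const unsigned char *buf, size_t len);
static dissector_t wtap_encap_table[ENCAP_MAX];

/* Stand-in for dissector_add("wtap_encap", encap, handle). */
static void model_dissector_add(int encap, dissector_t handle) {
    if (encap >= 0 && encap < ENCAP_MAX) wtap_encap_table[encap] = handle;
}

static const char *dissect_ipx(const unsigned char *buf, size_t len) {
    if (len < 30) return "ipx:short";            /* IPX header is 30 bytes */
    return (buf[0] == 0xFF && buf[1] == 0xFF) ? "ipx" : "ipx:bad-checksum";
}

static const char *dissect_eth(const unsigned char *buf, size_t len) {
    if (len < 14) return "eth:short";            /* dst(6) + src(6) + type(2) */
    unsigned type = ((unsigned)buf[12] << 8) | buf[13];
    if (type != 0x8137) return "eth/data";       /* 0x8137 = IPX EtherType */
    return strcmp(dissect_ipx(buf + 14, len - 14), "ipx") == 0
               ? "eth/ipx" : "eth/ipx:malformed";
}

void model_register_all(void) {
    model_dissector_add(ENCAP_ETHERNET, dissect_eth);
    model_dissector_add(ENCAP_IPX, dissect_ipx);
}

/* The encapsulation value alone decides which dissector sees byte 0. */
const char *model_dissect(int encap, const unsigned char *buf, size_t len) {
    if (encap < 0 || encap >= ENCAP_MAX || !wtap_encap_table[encap])
        return "unknown-encap";
    return wtap_encap_table[encap](buf, len);
}

/* Constructed sample: zeroed Ethernet header, EtherType IPX, IPX checksum FFFF. */
unsigned char sample_eth_ipx[44] = { [12] = 0x81, [13] = 0x37, [14] = 0xFF, [15] = 0xFF };

int main(void) {
    model_register_all();
    printf("%s\n", model_dissect(ENCAP_ETHERNET, sample_eth_ipx, 44));
    printf("%s\n", model_dissect(ENCAP_IPX, sample_eth_ipx + 14, 30));
    printf("%s\n", model_dissect(ENCAP_IPX, sample_eth_ipx, 44));
    return 0;
}
```

The third call hands a full Ethernet frame to the IPX handler: a wrong encapsulation value does not fail loudly, it just parses the bytes as the wrong protocol.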