
Wireshark-dev: Re: [Wireshark-dev] How does the wireshark identify the corresponding protocol ac

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 22 Dec 2008 13:03:58 -0800

On Dec 22, 2008, at 7:32 AM, Yuming fang wrote:

> You mean the wireshark could choose the Ethernet protocol dissector to process the data according to DLT?

Actually, it's according to the WTAP_ENCAP_ value; as I said in my earlier mail, the Wiretap library maps DLT_ values (actually, LINKTYPE_ values, although LINKTYPE_xxx and DLT_xxx are the same in almost all cases) to WTAP_ENCAP_ values.

> where could I find the code in wireshark?

The code to map LINKTYPE_ values to WTAP_ENCAP_ values is in wiretap/libpcap.c.

The code to process LINKTYPE_ values is in:

epan/dissectors/packet-frame.c - it registers a dissector table named "wtap_encap", and uses that table to choose which dissector to use on a packet;

various other dissectors - they register their WTAP_ENCAP_ value in that table, so they're called.

> To other protocols, such as TCP, after the Ethernet protocol dissector processes the data, the wireshark would find a TCP protocol dissector to continue processing the data.

No. Wireshark would find an IPv4 or IPv6 dissector according to the link-layer type value, for link-layer protocols that have them. The IPv4 dissector would use the protocol field, and the IPv6 dissector would use the "next header" field, to call the appropriate dissector, such as the TCP dissector.

> At first, we should test the mac code. If this code is all right, we could consider submitting it. At present, we have no LTE card, so we could not capture LTE data from an LTE card directly. After we develop an LTE card, I think we should change the libpcap code to capture LTE data from an LTE card. (We should add a new DLT in wireshark.)

New DLT_ and LINKTYPE_ values are added in libpcap, not Wireshark; you'd add a new WTAP_ENCAP_ value in Wireshark, corresponding to that new LINKTYPE_ value.
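
The dispatch chain described in this message, modelled as a self-contained added example (it is not Wireshark's code and not part of the original post): the link type selects the first dissector, the EtherType selects IPv4, and the IPv4 protocol field selects TCP. The `ENCAP_` names, the function names and the sample frame are assumptions made for illustration; IPv6 and other EtherTypes are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for WTAP_ENCAP_ values; names and numbers are this example's own. */
enum { ENCAP_UNKNOWN, ENCAP_ETHERNET, ENCAP_RAW_IP };
/* Constructed frame: 14-byte Ethernet header (EtherType 0x0800) + IPv4 header, protocol 6. */
static const uint8_t SAMPLE_FRAME[34] = { [12] = 0x08, [13] = 0x00, [14] = 0x45, [23] = 6 };

/* Wiretap's role: map LINKTYPE_ (1 = LINKTYPE_ETHERNET, 101 = LINKTYPE_RAW) to an encapsulation. */
static int linktype_to_encap(uint32_t linktype) {
    return linktype == 1 ? ENCAP_ETHERNET : linktype == 101 ? ENCAP_RAW_IP : ENCAP_UNKNOWN;
}

/* Append a layer name to the "eth:ip:tcp" style stack without overflowing out. */
static void add(char *out, size_t n, const char *name) {
    if (out[0]) strncat(out, ":", n - strlen(out) - 1);
    strncat(out, name, n - strlen(out) - 1);
}

/* The IPv4 dissector picks the next dissector from its protocol field. */
static void dissect_ipv4(const uint8_t *p, size_t len, char *out, size_t n) {
    if (len < 20 || (p[0] >> 4) != 4) { add(out, n, "data"); return; }
    add(out, n, "ip");
    add(out, n, p[9] == 6 ? "tcp" : p[9] == 17 ? "udp" : "data");
}

/* The Ethernet dissector picks the next dissector from the EtherType. */
static void dissect_eth(const uint8_t *p, size_t len, char *out, size_t n) {
    if (len < 14) { add(out, n, "data"); return; }
    add(out, n, "eth");
    if (((p[12] << 8) | p[13]) == 0x0800) dissect_ipv4(p + 14, len - 14, out, n);
    else add(out, n, "data");
}

/* The frame layer: choose the first dissector by encapsulation ("wtap_encap" lookup). */
const char *dissect_frame(uint32_t linktype, const uint8_t *p, size_t len, char *out, size_t n) {
    out[0] = '\0';
    switch (linktype_to_encap(linktype)) {
    case ENCAP_ETHERNET: dissect_eth(p, len, out, n); break;
    case ENCAP_RAW_IP:   dissect_ipv4(p, len, out, n); break;
    default:             add(out, n, "data");
    }
    return out;
}

int main(void) {
    char s[32];
    return puts(dissect_frame(1, SAMPLE_FRAME, sizeof SAMPLE_FRAME, s, sizeof s)) < 0;
}
```

Feeding the same bytes in with link type 101 yields only `data`, which is why a capture file recorded with the wrong link-layer type decodes as garbage.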