Wireshark-dev: Re: [Wireshark-dev] Custom MAC layer dissector
From: Guy Harris <[email protected]>
Date: Fri, 28 Aug 2009 09:32:46 -0700
On Aug 28, 2009, at 6:08 AM, Patrick Lannigan wrote:

> We have a tool in place that can write the packets to the libpcap file format.

...which means that either:

	1) you've chosen an existing DLT_ value to use in the file header;

	2) you've requested a DLT_ value from [email protected], and are waiting for it, and will use that in the file header;

	3) you're using one of DLT_USER0 through DLT_USER15.

If it's an existing DLT_ value, then either

	1) there's a WTAP_ENCAP_ value corresponding to that DLT_ value, in which case you would register your dissector in the wtap_encap dissector table with the WTAP_ENCAP_ value

or

	2) there isn't a WTAP_ENCAP_ value corresponding to that DLT_ value, in which case a new WTAP_ENCAP_ value for it needs to be allocated if there isn't already one, and wiretap/pcap-common.c needs to be changed to map between that DLT_ value and that new WTAP_ENCAP_ value.

If you've requested a DLT_ value, once it's assigned, it's just like the previous case.

If it's one of DLT_USER0 through DLT_USER15, use the corresponding WTAP_ENCAP_USER0 through WTAP_ENCAP_USER15 value.
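
Added example, not part of the original message and not Wireshark code: a sketch of where the DLT_ value sits in a classic libpcap file header and how a DLT_USERn value lines up with the WTAP_ENCAP_USERn name. The function names and the sample frame are made up for illustration; the numeric values 147 through 162 for DLT_USER0 through DLT_USER15 are from the tcpdump.org link-type list.

```python
import struct

# DLT_ values reserved for private use (tcpdump.org link-type list).
DLT_USER0, DLT_USER15 = 147, 162
PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps


def pcap_global_header(linktype, snaplen=65535):
    """Build the 24-byte file header; the DLT_ value is the last field."""
    # magic, version 2.4, thiszone, sigfigs, snaplen, link-layer type
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(payload, ts_sec=0, ts_usec=0):
    """Build a per-packet header (timestamp, captured and original length) plus frame."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(payload), len(payload)) + payload


def read_linktype(data):
    """Return the DLT_ value from a pcap file header written in either byte order."""
    if len(data) < 24:
        raise ValueError("truncated pcap file header")
    for endian in ("<", ">"):
        (magic,) = struct.unpack(endian + "I", data[:4])
        if magic == PCAP_MAGIC:
            return struct.unpack(endian + "I", data[20:24])[0]
    raise ValueError("not a classic pcap file")


def encap_for_user_dlt(linktype):
    """Name the WTAP_ENCAP_USERn value matching a DLT_USERn link type, else None."""
    if DLT_USER0 <= linktype <= DLT_USER15:
        return "WTAP_ENCAP_USER%d" % (linktype - DLT_USER0)
    return None  # not in the private-use range: needs an existing or newly assigned DLT_


# Constructed sample: one 6-byte frame of a hypothetical custom MAC layer.
SAMPLE_FRAME = bytes.fromhex("01020304aabb")
SAMPLE_FILE = pcap_global_header(DLT_USER0) + pcap_record(SAMPLE_FRAME)

if __name__ == "__main__":
    linktype = read_linktype(SAMPLE_FILE)
    print(linktype, encap_for_user_dlt(linktype))
```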