
Wireshark-dev: Re: [Wireshark-dev] Sub_dissectors assertion failed

From: Scott <theerickson@xxxxxxxxx>
Date: Mon, 24 May 2010 10:40:08 -0600

Hi Guy!  I hope your weekend was enjoyable.

On Sat, May 22, 2010 at 2:39 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> So presumably the IP protocol rider protocol has fields of its own.
>
> Does the IP protocol rider have an IP protocol number assigned to it, so that you have:
>        link-layer protocol
>        IP, with the IP protocol number having the value for the IP protocol rider protocol
>        IP protocol rider protocol
>        custom protocol
>        some protocol that normally runs directly atop IP
>
> or is this a non-standard encapsulation where you have:
>        link-layer protocol
>        IP, with the IP protocol number having the value for the protocol that's above the custom protocol
>        IP protocol rider protocol
>        custom protocol
>        some protocol that normally runs directly atop IP

The former.

> The former can be done without modifying Wireshark, but not the way you're doing it.

What is the best way to do it?

I overcame the problem of the protocols not matching by seeing that the protocol number copied over from IP to my IP rider and *supposedly* stored in the hf_[IPR protocol] field was incorrect.  It was 65,000 something when printf'd.  What does hf_register_info do with that variable (hf_[IPR protocol])?  I suppose telling it that it is an FT_UINT8 tells it how to read it from the tvbuff_t.  Is all it does to use tvb_get_guint8()?  I had to use that function manually to get the protocols to match correctly with the ip_dissector_table.  Before that I tried casting it to a guint8 but that didn't work.

It now works with the code I showed before, but I am getting this problem now:

-Scott