
Wireshark-dev: [Wireshark-dev] UI for packets differing by a checksum on the end

From: Jon Smirl <jonsmirl@xxxxxxxxx>
Date: Thu, 29 Jul 2010 10:19:10 -0400
I'm working on the 802.15.4 packet decoder. 802.15.4 packets have a
two byte hardware checksum at the end of them. Some sniffer hardware
includes this checksum in the packets returned and some hardware
doesn't.

We've been switching between them by changing the source code:
-        ieee802154_handle   = find_dissector("wpan");
+        ieee802154_handle   = find_dissector("wpan_nofcs");

How can I fix this so that I can switch using the UI?

I tried registering wpan_nofcs in the UI. The idea was to disable
"wpan" and let "wpan_nofcs" take over.

Instead of wpan_nofcs taking over I get "Protocol Unknown WTAP_ENCAP = 104".
ENCAP 104 is "wpan" which has been disabled.

Index: epan/dissectors/packet-ieee802154.c
===================================================================
--- epan/dissectors/packet-ieee802154.c	(revision 33628)
+++ epan/dissectors/packet-ieee802154.c	(working copy)
@@ -255,6 +255,7 @@
 static int hf_ieee802154_nonask_phy_length = -1;

 static int proto_ieee802154 = -1;
+static int proto_ieee802154_nofcs = -1;
 static int hf_ieee802154_frame_type = -1;
 static int hf_ieee802154_security = -1;
 static int hf_ieee802154_pending = -1;
@@ -2488,6 +2489,7 @@

     /*  Register Protocol name and description. */
     proto_ieee802154 = proto_register_protocol("IEEE 802.15.4
Low-Rate Wireless PAN", "IEEE 802.15.4", "wpan");
+    proto_ieee802154_nofcs = proto_register_protocol("IEEE 802.15.4
Low-Rate Wireless PAN nofcs", "IEEE 802.15.4 nofcs", "wpan-nofcs");
     proto_ieee802154_nonask_phy = proto_register_protocol("IEEE
802.15.4 Low-Rate Wireless PAN non-ASK PHY", "IEEE 802.15.4 non-ASK
PHY", "wpan-nonask-phy");

     /*  Register header fields and subtrees. */
@@ -2541,7 +2543,7 @@

     /*  Register dissectors with Wireshark. */
     register_dissector("wpan", dissect_ieee802154, proto_ieee802154);
-    register_dissector("wpan_nofcs", dissect_ieee802154_nofcs,
proto_ieee802154);
+    register_dissector("wpan-nofcs", dissect_ieee802154_nofcs,
proto_ieee802154);
     register_dissector("wpan_cc24xx", dissect_ieee802154_cc24xx,
proto_ieee802154);
     register_dissector("wpan-nonask-phy",
dissect_ieee802154_nonask_phy, proto_ieee802154_nonask_phy);
 } /* proto_register_ieee802154 */
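Review bot: The renamed `wpan-nofcs` dissector is still registered against `proto_ieee802154`, so the `proto_ieee802154_nofcs` protocol added in the previous hunk is not attached to any dissector in the visible lines, and disabling "wpan" would presumably still disable the no-FCS handle along with it. If the two are meant to be toggled independently, the call should read `register_dissector("wpan-nofcs", dissect_ieee802154_nofcs, proto_ieee802154_nofcs);`. The rename from `wpan_nofcs` also means any remaining `find_dissector("wpan_nofcs")` lookup elsewhere in the tree would no longer find a handle, so those callers need updating in the same change. proto_register_ieee802154 begins outside this hunk.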
@@ -2563,6 +2565,7 @@
 {
     static gboolean prefs_initialized = FALSE;
     static dissector_handle_t  ieee802154_handle;
+    static dissector_handle_t  ieee802154_nofcs_handle;
     static dissector_handle_t  ieee802154_nonask_phy_handle;
     static unsigned int old_ieee802154_ethertype;
     GByteArray *bytes;
@@ -2571,10 +2574,12 @@
     if (!prefs_initialized){
         /* Get the dissector handles. */
         ieee802154_handle   = find_dissector("wpan");
+        ieee802154_nofcs_handle = find_dissector("wpan-nofcs");
         ieee802154_nonask_phy_handle = find_dissector("wpan-nonask-phy");
         data_handle         = find_dissector("data");

         dissector_add("wtap_encap", WTAP_ENCAP_IEEE802_15_4,
ieee802154_handle);
+        dissector_add("wtap_encap", WTAP_ENCAP_IEEE802_15_4_NOFCS,
ieee802154_nofcs_handle);
         dissector_add("wtap_encap",
WTAP_ENCAP_IEEE802_15_4_NONASK_PHY, ieee802154_nonask_phy_handle);

         prefs_initialized = TRUE;
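Review bot: The new `dissector_add` for `WTAP_ENCAP_IEEE802_15_4_NOFCS` only takes effect for frames whose capture reports that encapsulation, and nothing in the visible patch makes a file reader or capture source produce the new value, so existing captures tagged as encapsulation 104 would still go to "wpan". A comment above the call would record that limit, for example `/* Reached only for captures tagged WTAP_ENCAP_IEEE802_15_4_NOFCS. */`. The result of `find_dissector("wpan-nofcs")` is also passed on unchecked, which matters here because the name was just changed from `wpan_nofcs`. The enclosing function starts before this hunk and continues past its last line.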
Index: wiretap/wtap.c
===================================================================
--- wiretap/wtap.c	(revision 33628)
+++ wiretap/wtap.c	(working copy)
@@ -473,7 +473,10 @@
 	{ "SocketCAN", "socketcan" },

 	/* WTAP_ENCAP_IEEE802_11_NETMON_RADIO */
-	{ "IEEE 802.11 plus Network Monitor radio header", "ieee-802-11-netmon" }
+	{ "IEEE 802.11 plus Network Monitor radio header", "ieee-802-11-netmon" },
+
+	/* WTAP_ENCAP_IEEE802_15_4 nofcs */
+	{ "IEEE 802.15.4 Wireless PAN nofcs", "wpan-nofcs" },
 };

 gint wtap_num_encap_types = sizeof(encap_table_base) / sizeof(struct
encap_type_info);
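Review bot: The new table comment reads `WTAP_ENCAP_IEEE802_15_4 nofcs`, which is not the name of the constant this entry belongs to. The entries appear to be matched to encapsulation numbers by position, so the comment should name the macro exactly, `/* WTAP_ENCAP_IEEE802_15_4_NOFCS */`, making it greppable against the `#define WTAP_ENCAP_IEEE802_15_4_NOFCS 127` added in wiretap/wtap.h. Keeping the two in step matters because `wtap_num_encap_types` is derived from the table size, and a define without a matching entry would presumably put lookups for that value past the end of the table.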
Index: wiretap/wtap.h
===================================================================
--- wiretap/wtap.h	(revision 33628)
+++ wiretap/wtap.h	(working copy)
@@ -216,6 +216,7 @@
 #define WTAP_ENCAP_IPNET                        124
 #define WTAP_ENCAP_SOCKETCAN                    125
 #define WTAP_ENCAP_IEEE802_11_NETMON_RADIO	126
+#define WTAP_ENCAP_IEEE802_15_4_NOFCS           127

 #define WTAP_NUM_ENCAP_TYPES                    wtap_get_num_encap_types()



-- 
Jon Smirl
jonsmirl@xxxxxxxxx