Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] How to expand Manually Resolve Address?

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Mon, 08 Nov 2010 17:14:18 +0100
Hi,

How to expand Manually Resolve Address?

I've a raw capture (LINKTYPE_RAW (101) -> WTAP_ENCAP_RAW_IP (7)) which doesn't allow this feature. That is due to this line in menu.c:set_menus_for_selected_packet(capture_file *cf)

set_menu_sensitivity(packet_list_menu_factory, "/Manually Resolve Address", cf->current_frame != NULL ? ((cf->edt->pi.ethertype == ETHERTYPE_IP)||(cf->edt->pi.ethertype == ETHERTYPE_IPv6)) : FALSE);

As you've guessed the raw dissector doesn't set ethertype (there is no Ethernet <gasp>).

So, there are two options:

1. in packet-raw.c set packet_info.ethertype to ETHERTYPE_IP or ETHERTYPE_IPv6 respectively.

2. change menu.c:set_menus_for_selected_packet() to check packet_info.[net_src|net_dst] E [AT_IPv4|AT_IPv6]

So, what breaks going either way?

Thanks,
Jaap