Wireshark-dev: [Wireshark-dev] How to best register dissector for ethernet encapsulated packet

From: "Leonard Tracy (letracy)" <letracy@xxxxxxxxx>
Date: Thu, 14 Jul 2011 11:19:15 -0700

 

Hi All,

I’m working on finishing up development of a dissector. The protocol uses an Ethernet-in-Ethernet encapsulation format where the outer header uses hierarchical source and destination MAC addresses; there is then a special ethertype and some info in a TAG (DTAG). If I only register the ethertype, then the Ethernet dissector will process the other source and destination address and only the tag will get passed to my dissector. I would like my dissector to process the source and destination address, the tag and then pass the original Ethernet frame to the Ethernet dissector.

I was able to accomplish this using a heuristic dissector, but this seems to present an unnecessary overhead on the system. I’m wondering if there’s a more efficient way of accomplishing the above (having my dissector run on both the Ethernet header and tag based on the ethertype in the packet).

Thanks,

Leonard
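
The frame layout described in the message above, as a stand-alone bounds-checked splitter. This is an added example, not code from the original post or from Wireshark. The EtherType value (0x88B5, an IEEE local-experimental value used as a stand-in), the 4-byte tag length and the names encap_split, encap_view and build_sample are assumptions, since the post gives none of them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN 14       /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define OUTER_ETYPE 0x88B5u  /* assumption: IEEE local-experimental value as a stand-in */
#define DTAG_LEN    4        /* assumption: the post does not give the tag length */

struct encap_view {
    const uint8_t *outer_dst, *outer_src;  /* hierarchical MAC addresses */
    const uint8_t *dtag;                   /* tag following the outer EtherType */
    const uint8_t *inner;                  /* original Ethernet frame */
    size_t inner_len;
};

/* Heuristic-style check: return 1 and fill *v only when the frame carries
 * the outer EtherType and is long enough for the tag plus an inner header;
 * return 0 so the frame is left to the regular Ethernet path. */
int encap_split(const uint8_t *buf, size_t len, struct encap_view *v)
{
    if (buf == NULL || v == NULL || len < ETH_HDR_LEN)
        return 0;
    uint16_t etype = (uint16_t)((buf[12] << 8) | buf[13]);
    if (etype != OUTER_ETYPE)
        return 0;
    if (len - ETH_HDR_LEN < DTAG_LEN + ETH_HDR_LEN)
        return 0;  /* truncated capture: never read past the buffer */
    v->outer_dst = buf;
    v->outer_src = buf + 6;
    v->dtag      = buf + ETH_HDR_LEN;
    v->inner     = buf + ETH_HDR_LEN + DTAG_LEN;
    v->inner_len = len - ETH_HDR_LEN - DTAG_LEN;
    return 1;
}

/* Constructed sample: outer header, tag, then an inner IPv4-typed header. */
size_t build_sample(uint8_t *out)
{
    static const uint8_t frame[] = {
        0x02,0x00,0x00,0x00,0x00,0x01, 0x02,0x00,0x00,0x00,0x00,0x02, 0x88,0xB5,
        0x00,0x00,0x00,0x2A,
        0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xAA,0xBB, 0x08,0x00
    };
    memcpy(out, frame, sizeof frame);
    return sizeof frame;
}
```

The length checks come before any field access because a dissector sees truncated and malformed captures as a matter of course.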