Wireshark-dev: [Wireshark-dev] Defining a DLT which could be used to dissect any protocol.
From: Anders Broman <[email protected]>
Date: Tue, 7 Feb 2012 15:33:28 +0100
Hi,
How about defining a DLT with a TLV based header which could be used to carry any protocol - a tag would contain the name of the protocol to be called the name would of course have to correspond
To the name the dissector has registered in Wireshark - yes this is a weakness an alternative would be to give every protocol a number but that means keeping a registry list.
Tags could be defined to carry any extra info needed.
 
Something like this
Header
Header length
Header version
-------------------
Tag
Length
value
--------
:
--------
Tag = Data
Length
Data
 
Example tags
Tag = 1  Protocol name, the name used by the Wireshark dissector to be called with the protocol data. ( ex "sip" ).
Tag = 2  SRC Address( Octet 1 = Address family), ( ex IP4 address, IP6 Address, OPC, DPC ....)
                                   2-n Address data
Tag = 2  DST Address
:
Tag X  Vendor specific ( vendor Id, vendor tag  + data)
Tag = 254 Data
Tag = 255 Reserved for extension
 
This is just to test the wathers before geting to far into defining the tags.
Comments?
 
Regards
Anders