On Feb 7, 2012, at 6:33 AM, Anders Broman wrote:
> How about defining a DLT with a TLV based header which could be used to carry any protocol - a tag would contain the name of the protocol to be called the name would of course have to correspond
> To the name the dissector has registered in Wireshark - yes this is a weakness an alternative would be to give every protocol a number but that means keeping a registry list.
> Tags could be defined to carry any extra info needed.
What is the purpose of this?
I *REALLY* don't like "generic" link-layer type values that don't cover a specific protocol. If people want multiple different link-layer header types in the same file, that's what pcap-NG is for.
Note also that there isn't a one-to-one correspondence between protocol names and dissector names - for example, we have multiple dissectors for Ethernet, depending on whether:
we know that the packet includes an FCS;
we know that the packet doesn't include an FCS;
we don't know whether it includes an FCS or not.
