Wireshark-dev: Re: [Wireshark-dev] Defining a DLT which could be used to dissect any protocol.
From: Guy Harris <[email protected]>
Date: Tue, 7 Feb 2012 10:38:26 -0800
On Feb 7, 2012, at 6:33 AM, Anders Broman wrote:

> How about defining a DLT with a TLV based header which could be used to carry any protocol - a tag would contain the name of the protocol to be called the name would of course have to correspond
> To the name the dissector has registered in Wireshark - yes this is a weakness an alternative would be to give every protocol a number but that means keeping a registry list.
> Tags could be defined to carry any extra info needed.

What is the purpose of this?

I *REALLY* don't like "generic" link-layer type values that don't cover a specific protocol.  If people want multiple different link-layer header types in the same file, that's what pcap-NG is for.

Note also that there isn't a one-to-one correspondence between protocol names and dissector names - for example, we have multiple dissectors for Ethernet, depending on whether:

	we know that the packet includes an FCS;

	we know that the packet doesn't include an FCS;

	we don't know whether it includes an FCS or not.