Wireshark-dev: [Wireshark-dev] Heuristic ethernet payloads

From: Evan Huus <eapache@xxxxxxxxx>
Date: Wed, 27 Mar 2013 08:15:46 -0400

The ethernet dissector currently has a heuristic table called "eth"
that passes off the entire packet (including the ethernet header, if
any) which is a bit confusing.

As per bug #8522 we seem to have need of a heuristic table for the
general ethernet payload (without the ethernet header bytes), however
ethernet payload dissection seems to be fairly hard-coded at the
moment; the dissector handles are called directly in most cases.

Do we want to just stick another heuristic table into the middle of
the current code or is there a better way of handling everything
that's currently there?

Should the existing table be perhaps named "pre-eth" or something
slightly more indicative of what it is? I would kind of want to call
the payload heuristic table "eth"...

Thanks,
Evan

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8522