Wireshark · Wireshark-dev: [Wireshark-dev] IPoIB dissector: snoop file vs pcap data

Wireshark-dev: [Wireshark-dev] IPoIB dissector: snoop file vs pcap data

From: Petr Sumbera <petr.sumbera@xxxxxxxxxx>

Date: Fri, 18 Mar 2016 17:00:46 +0100

Hi,

at this moment Wireshark can read snoop files with IPoIB[1] data:

https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-ipoib.c

I'm working on extending it to support also data as they come from PCAPon Solaris (at this moment Solaris generates data with DLT_USER15 whichneed to be fixed anyway).


Unfortunately there is for some unknown reason following difference:

Snoop contains:
IPoIB header [4 bytes]
IP data

PCAP data contains:
GRH Header (multicast) or just 20 bytes address (unicast) [40 bytes]
IPoIB header [4 bytes]
IP data

With Wireshark 1.12 I was considering to distinguish between these twodata in dissector via pinfo->file_type_subtype. But with Wireshark 2.0it doesn't seem to be possible any more (file_type_subtype is notavailable in dissector).


What would you recommend me here?

Or should I rather apply for completely different DLT_ value and createnew dissector?


Thanks,

Petr

[1] https://tools.ietf.org/html/rfc4391

Follow-Ups:
- Re: [Wireshark-dev] IPoIB dissector: snoop file vs pcap data
  - From: Guy Harris

Prev by Date: [Wireshark-dev] Wireshark build issue on osx related to qt5
Next by Date: Re: [Wireshark-dev] IPoIB dissector: snoop file vs pcap data
Previous by thread: [Wireshark-dev] Wireshark build issue on osx related to qt5
Next by thread: Re: [Wireshark-dev] IPoIB dissector: snoop file vs pcap data
Index(es):
- Date
- Thread