On Sun, May 23, 2021 at 11:59 AM Antonello Tartamo <
antonellotartamo@xxxxxxxxx> wrote:
The problem is that I don't have a predefined ether type as the ether type field is used as length field.
Is there any other way to reuse the ethernet dissector ?
Thanks in advance
So if I understand correctly, you have a protocol that does not contain Ethernet, but has a two MAC addresses (destination and source), followed by a field which is two octets but *always* is a length field (like a 802.3 Ethernet frame, not Ethernet II), even if over 1500? Or is it something where it's only for lengths less than 1500 bytes, like 802.3 Ethernet, but it's not any of the non Ethernet II frame types (raw 802.3 or 802.3 followed by LLC, with or without SNAP)?
Then it's not on Ethernet, and you need to manually add the source and destination addresses in your dissector and not call the Ethernet dissector. It's not difficult at all to add two FT_ETHER fields to your dissector.
Are you trying to have your protocol work on capture files that claim to have an Ethernet link layer, with this not quite compatible link layer instead?
John Thacker
