Wireshark · Wireshark-users: Re: [Wireshark-users] Calling MAC-LTE dissctor from lua dissector on the rest of te data

[Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>]

On Thu, Apr 5, 2012 at 7:05 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Jan 18, 2012, at 10:04 PM, Martin Mathieson wrote:

> I'm not sure if it will help you, but I just submitted "mac-lte-framed".  It expects to find the same framing as the UDP heuristic dissector, but without the IP/UDP header or the magic string.

Should there be a pcap/pcap-ng link-layer header type value (the values sometimes called "DLTs") assigned for that?  Perhaps there should be, to allow MAC LTE packets to be stored in pcap or pcap-ng files.

If so, you should submit a request for it to tcpdump-workers@xxxxxxxxxxxxxxxxx, with a detailed description of the pseudo-header for the context data.

Guy,

I would like to do this.  Looking at the other definitions in http://www.tcpdump.org/linktypes.html, they have quite formal specifications, so I'm wondering what I would need to do first.

Really all we have is the description in http://anonsvn.wireshark.org/wireshark/trunk/epan/dissectors/packet-mac-lte.h (and the function dissect_mac_lte_context_fields(), and the example program for encoding a file of this format (http://www.wireshark.org/~martinm/mac_pcap_sample_code.c).  There are some existing parameters in the struct mac_lte_info that you can't currently set using this framing method - these are optional fields that could be added later if someone wanted them.  And it is always possible we'd want to add more (probably optional) fields that aren't yet in mac_lte_info.

What would you recommend I submit?  The header file is the ultimate authority... I could add something to the wiki (either wiki.wireshark.org/MAC-LTE or some other page linked to from there), but it wouldn't add much, and would need to be maintained.

Thanks,

Martin