>On Tue, Dec 11, 2007 at 01:09:21PM -0800, Benn Bollay wrote:
>> I'm trying to write a dissector for ethernet trailers.  It seems like
>> the ideal way would be to hook the existing ethernet dissector and
>> have it call my dissector, however I can't figure out any way of
doing
>> this on the existence of the trailer that doesn't require
manipulating
>> packet-eth.c (I was hoping for a plugin).  I was looking at doing
this
>> as a postdissector, but then I would have to parse the relevent
>> headers to determine where the end of the "proper" packet lay, which
>> seemed like a lot of unnecessary duplicate work.
>
> The Ethernet dissector already handles the display of Ethernet
trailers
> when it can guess that they are present based on comparing the size of
> the packet to the minimum packet size of Ethernet.  The current
> functionality highlights the trailer bytes when selecting the Ethernet
> dissector and displays them under the Ethernet dissector's tree.  Is
> there something more you're looking to do?
 
I think it does a little more then that, since it correctly identifies
the location of trailers even on full MTU sized packets it must therefor
have some idea where the IP packet ends.  The actual use case involves
some data I'm throwing in the trailer for internal testing, and I'd like
to dissect it within wireshark itself.  We have a modified tcpdump that
does this behavior, but I'd love to have a plugin for wireshark.
 
Cheers,
--Benn

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev

Reply via email to