Hi,
I am writing a dissector for a device of ours that adds a header before the 
actual Ethernet header. 
The header is recognized by looking at the first 6 bytes. If the first 6 bytes 
are 01 01 05 10 00 00
(a multicast address of ours that is only used for this purpose), the frame 
is an ESL frame.

The only way I managed to handle this is by checking the address in 
dissect_eth_common
and then calling the dissector directly.

  if (tvb_get_guint8(tvb, 0) == 0x01 &&
      tvb_get_guint8(tvb, 1) == 0x01 &&
      tvb_get_guint8(tvb, 2) == 0x05 &&
      tvb_get_guint8(tvb, 3) == 0x10 &&
      tvb_get_guint8(tvb, 4) == 0x00 &&
      tvb_get_guint8(tvb, 5) == 0x00) {
    /* ESL frames require special interpretation of the
       destination address field; they can be recognized by
       checking the first 6 octets of the destination address, which are
       01-01-05-10-00-00 for ESL frames. */
    dissect_esl(tvb, pinfo, parent_tree, fcs_len);
    return;
  }
 

In packet-eth.c I found that a Cisco device also uses this technique:

 if (ehdr->type <= IEEE_802_3_MAX_LEN) {
    /* Oh, yuck.  Cisco ISL frames require special interpretation of the
       destination address field; fortunately, they can be recognized by
       checking the first 5 octets of the destination address, which are
       01-00-0C-00-00 for ISL frames. */
    if (        (tvb_get_guint8(tvb, 0) == 0x01 ||
                 tvb_get_guint8(tvb, 0) == 0x0C) &&
                tvb_get_guint8(tvb, 1) == 0x00 &&
                tvb_get_guint8(tvb, 2) == 0x0C &&
                tvb_get_guint8(tvb, 3) == 0x00 &&
                tvb_get_guint8(tvb, 4) == 0x00 ) {
      dissect_isl(tvb, pinfo, parent_tree, fcs_len);
      return;
    } 
  }

Is there a different and better way to do this? If not, is it OK to add code 
like this
to the sources of Wireshark?

Thanks,
Richard Kümmel
Beckhoff Automation GmbH | Managing Director: Dipl. Phys. Hans Beckhoff, Arnold 
Beckhoff
Registered office: Verl, Germany | Register court: Gütersloh HRB 1803
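
The destination-prefix check described in the message above, as an added stand-alone C sketch that is not part of the original post or of Wireshark's sources: it works on a plain byte buffer instead of a tvbuff, so it needs an explicit captured-length guard before any octet is read, and it keeps the ISL length-field condition from the quoted packet-eth.c. The name classify_frame, the table layout and the sample frames are assumptions made for the example, and IEEE_802_3_MAX_LEN is taken as 1500.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN          14   /* dst(6) + src(6) + type/length(2) */
#define IEEE_802_3_MAX_LEN 1500   /* larger values are EtherTypes */
enum frame_kind { FRAME_TOO_SHORT, FRAME_ETH, FRAME_ISL, FRAME_ESL };

/* Hypothetical table layout; the octet values come from the post.
   Assumption: the ESL match does not depend on bytes 12-13. */
static const struct dst_prefix {
    enum frame_kind kind;
    size_t len;             /* leading destination octets to compare */
    int length_field_only;  /* match only if bytes 12-13 hold a length */
    uint8_t octets[6];
} prefixes[] = {
    { FRAME_ESL, 6, 0, { 0x01, 0x01, 0x05, 0x10, 0x00, 0x00 } },
    { FRAME_ISL, 5, 1, { 0x01, 0x00, 0x0C, 0x00, 0x00 } },
    { FRAME_ISL, 5, 1, { 0x0C, 0x00, 0x0C, 0x00, 0x00 } },
};

/* Classify a captured frame without reading past caplen. */
enum frame_kind classify_frame(const uint8_t *buf, size_t caplen)
{
    if (buf == NULL || caplen < ETH_HDR_LEN)
        return FRAME_TOO_SHORT;   /* truncated capture: read nothing */
    unsigned type_len = ((unsigned)buf[12] << 8) | buf[13];
    for (size_t i = 0; i < sizeof prefixes / sizeof prefixes[0]; i++) {
        const struct dst_prefix *p = &prefixes[i];
        if (p->length_field_only && type_len > IEEE_802_3_MAX_LEN)
            continue;             /* EtherType present: not an ISL frame */
        if (memcmp(buf, p->octets, p->len) == 0)
            return p->kind;
    }
    return FRAME_ETH;
}

/* Constructed sample headers (not captured traffic). */
static const uint8_t esl_frame[ETH_HDR_LEN] = { 0x01,0x01,0x05,0x10,0x00,0x00, 0,0,0,0,0,0, 0x08,0x00 };
static const uint8_t isl_frame[ETH_HDR_LEN] = { 0x01,0x00,0x0C,0x00,0x00,0x03, 0,0,0,0,0,0, 0x00,0x40 };
static const uint8_t ip_frame[ETH_HDR_LEN]  = { 0x01,0x00,0x0C,0x00,0x00,0x03, 0,0,0,0,0,0, 0x08,0x00 };

int main(void)
{
    printf("esl=%d isl=%d ip=%d short=%d\n",
           (int)classify_frame(esl_frame, sizeof esl_frame), (int)classify_frame(isl_frame, sizeof isl_frame),
           (int)classify_frame(ip_frame, sizeof ip_frame), (int)classify_frame(esl_frame, 5));
    return 0;
}
```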

