Richard Kümmel wrote: > Hi, > I am writing a dissector for a device of ours that adds a header before > the actual ethernet header. > The header is recognized by looking at the first 6 Bytes. If the first 6 > byte are 01 01 05 10 00 00 > ( a mulitcast address of ours, that is only used for this purpose), the > frame is an esl frame.
Why not use the ethernet type field for this? It seems to fly somewhat in the face of convention to have to interpret ethernet packets differently depending on their destination address. > The only way i managed to handle this is by checking the address in > dissect_eth_common > and then calling the dissector directly. ... > Is there a different and better way to do this? If not is it ok to add > code like this > to the sources of wireshark? If this is really the only way to recognise these packets, it would be better to add a heuristic subdissector - see packet-hilscher.c for an example. Though, as the Cisco comment implies, I think your protocol design is hideous. _______________________________________________ Wireshark-dev mailing list [email protected] https://wireshark.org/mailman/listinfo/wireshark-dev
