IEEE 802.3ah Processing

[Elliot Parsons <elliotparsons () gmail com>]

I am working with an 802.3ah system. I have a third party packet capture
device with its own packet processor, but I would like to have some of
Wireshark's capabilities for processing the capture file offline.

802.3ah contains an Ethernet frame, but it adds a 6 byte preamble that
contains a link layer id along with other information. I have written a
dissector to process this 6 byte preamble, which ends up calling the
standard Ethernet dissector when it is complete. I currently know of two
ways of kicking off this 802.3ah dissector:

1) Change the capture type in the header of the PCAP file.

2) Add a check in the Ethernet dissector that looks for the start of the
802.3ah preamble for each packet. This check is only enabled if an 802.3ah
option is selected for Ethernet parsing.

Is either of these methods preferred, or is there another way to start the
new dissector that I have not considered?

Thanks,
Elliot

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe