Wireshark mailing list archives

Re: Defining a DLT which could be used to dissect any protocol.


From: Martin Mathieson <martin.r.mathieson () googlemail com>
Date: Tue, 7 Feb 2012 15:23:54 +0000

Isn't this similar (but more general) to what packet-meta.c does - although
probably that one is tailored to what Tobias has needed?
Martin

On Tue, Feb 7, 2012 at 2:33 PM, Anders Broman <anders.broman () ericsson com> wrote:

 Hi,
How about defining a DLT with a TLV-based header which could be used to
carry any protocol? A tag would contain the name of the protocol to be
called; the name would of course have to correspond
to the name the dissector has registered in Wireshark. Yes, this is a
weakness; an alternative would be to give every protocol a number, but that
means keeping a registry list.
Tags could be defined to carry any extra info needed.

Something like this
Header
Header length
Header version
-------------------
Tag
Length
value
--------
:
--------
Tag = Data
Length
Data

Example tags
Tag = 1  Protocol name, the name used by the Wireshark dissector to be
called with the protocol data. ( ex "sip" ).
Tag = 2  SRC Address( Octet 1 = Address family), ( ex IP4 address, IP6
Address, OPC, DPC ....)
                                   2-n Address data
Tag = 2  DST Address
:
Tag X  Vendor specific ( vendor Id, vendor tag  + data)
Tag = 254 Data
Tag = 255 Reserved for extension

This is just to test the waters before getting too far into defining the
tags.
Comments?

Regards
Anders


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
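
A bounds-checked parser for the header layout proposed in this thread, as an added example that is not part of the original messages or of Wireshark's code. The field widths (2-octet big-endian header length and TLV length, 1-octet version and tag), the rule that the header length covers everything before the Data tag, and the names `parse_tlv_frame`, `tlv_frame` and `sample` are assumptions; the post fixes none of them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed widths (the post fixes none): header length is 2 octets big-endian
 * and counts the 3 fixed octets plus every TLV before Data; version is 1 octet;
 * each TLV is tag (1 octet), length (2 octets big-endian), value. */
enum { TAG_PROTO = 1, TAG_DATA = 254, FIXED_HDR = 3, TLV_HDR = 3 };
struct tlv_frame {
    char proto[32];        /* tag 1: dissector name, NUL-terminated here */
    const uint8_t *data;   /* tag 254: payload, points into the input buffer */
    size_t data_len;
};
/* Constructed sample: protocol name "sip" followed by 4 payload octets. */
static const uint8_t sample[] = { 0x00, 0x09, 0x01, TAG_PROTO, 0x00, 0x03, 's', 'i', 'p',
                                  TAG_DATA, 0x00, 0x04, 'I', 'N', 'V', 'I' };

/* Returns 0 on success, -1 on truncated or inconsistent input. */
int parse_tlv_frame(const uint8_t *buf, size_t len, struct tlv_frame *out)
{
    memset(out, 0, sizeof *out);
    size_t hdr_len = len < FIXED_HDR ? 0 : ((size_t)buf[0] << 8) | buf[1];
    if (hdr_len < FIXED_HDR || hdr_len > len) return -1;
    for (size_t off = FIXED_HDR; len - off >= TLV_HDR; ) {
        uint8_t tag = buf[off];
        size_t vlen = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        size_t val = off + TLV_HDR;               /* offset of the value */
        if (vlen > len - val) return -1;          /* value runs past the buffer */
        if (tag == TAG_DATA) {                    /* Data must start where the header ends */
            if (off != hdr_len || !out->proto[0]) return -1;
            out->data = buf + val;
            out->data_len = vlen;
            return 0;
        }
        if (val + vlen > hdr_len) return -1;      /* metadata TLV crosses header end */
        if (tag == TAG_PROTO) {                   /* reject duplicate, empty or oversized names */
            if (out->proto[0] || vlen == 0 || vlen >= sizeof out->proto) return -1;
            if (memchr(buf + val, 0, vlen)) return -1;   /* embedded NUL in the name */
            memcpy(out->proto, buf + val, vlen);
        }
        off = val + vlen;                         /* unknown tags are skipped */
    }
    return -1;                                    /* no Data tag found */
}

int main(void) {
    struct tlv_frame f;
    int rc = parse_tlv_frame(sample, sizeof sample, &f);
    printf("rc=%d proto=%s data_len=%zu\n", rc, f.proto, f.data_len);
    return rc != 0;
}
```

Because the protocol name is sender-controlled, a dissector using it for lookup would treat an unregistered name as a parse failure rather than a fallback.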
