Wireshark mailing list archives

Re: IPoIB dissector: snoop file vs pcap data


From: Guy Harris <guy () alum mit edu>
Date: Fri, 18 Mar 2016 09:21:57 -0700

On Mar 18, 2016, at 9:00 AM, Petr Sumbera <petr.sumbera () oracle com> wrote:

> at this moment Wireshark can read snoop files with IPoIB[1] data:
>
> https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-ipoib.c
>
> I'm working on extending it to support also data as they come from PCAP on Solaris (at this moment Solaris generates data with DLT_USER15 which need to be fixed anyway).

It most *definitely* needs to be fixed, just as Apple's use of DLT_USER2 needs to be fixed.

> Unfortunately there is for some unknown reason the following difference:
>
> Snoop contains:
> IPoIB header [4 bytes]
> IP data
>
> PCAP data contains:
> GRH Header (multicast) or just 20 bytes address (unicast) [40 bytes]
> IPoIB header [4 bytes]
> IP data
>
> With Wireshark 1.12 I was considering to distinguish between these two data in dissector via pinfo->file_type_subtype. But with Wireshark 2.0 it doesn't seem to be possible any more (file_type_subtype is not available in dissector).
>
> What would you recommend me here?

Have two separate WTAP_ENCAP_ values, one for IPoIB with the snoop encapsulation and one for IPoIB with the pcap/pcapng encapsulation, if they don't already exist.

Register an "IPoIB with the snoop encapsulation" dissector with the WTAP_ENCAP_ value for the IPoIB with the snoop encapsulation and register an "IPoIB with the pcap/pcapng encapsulation" dissector with the WTAP_ENCAP_ value for the IPoIB with the pcap/pcapng encapsulation.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
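
An added example, not part of the original messages and not Wireshark code: a stand-alone parser that selects the IPoIB header offset from the encapsulation type, as the reply recommends, and rejects records too short for the selected framing. The enum names are hypothetical stand-ins for the two WTAP_ENCAP_ values; the layout follows the thread (4-byte IPoIB header, 40 bytes before it in pcap data), and the 16-bit type in the first two header bytes is assumed from RFC 4391.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for the two WTAP_ENCAP_ values suggested in the reply. */
enum ipoib_encap { ENCAP_IPOIB_SNOOP, ENCAP_IPOIB_PCAP };

#define IPOIB_HDR_LEN    4   /* IPoIB header: 16-bit type + 16-bit reserved */
#define PCAP_PREFIX_LEN 40   /* GRH/address area preceding the header in pcap data */

struct ipoib_frame {
    uint16_t type;           /* payload type, e.g. 0x0800 for IPv4 */
    const uint8_t *payload;  /* first byte after the IPoIB header */
    size_t payload_len;
};

/* Offset of the IPoIB header for a given encapsulation; -1 if unknown. */
static long ipoib_hdr_offset(enum ipoib_encap encap)
{
    switch (encap) {
    case ENCAP_IPOIB_SNOOP: return 0;
    case ENCAP_IPOIB_PCAP:  return PCAP_PREFIX_LEN;
    }
    return -1;
}

/* Parse one captured record. Returns 0 on success, -1 if the record is
 * shorter than the selected framing requires or the encapsulation is unknown. */
int ipoib_parse(enum ipoib_encap encap, const uint8_t *buf, size_t len,
                struct ipoib_frame *out)
{
    long off = ipoib_hdr_offset(encap);
    if (off < 0 || buf == NULL || out == NULL)
        return -1;
    if (len < (size_t)off + IPOIB_HDR_LEN)   /* truncated: never read past len */
        return -1;
    out->type = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    out->payload = buf + off + IPOIB_HDR_LEN;
    out->payload_len = len - (size_t)off - IPOIB_HDR_LEN;
    return 0;
}

/* Constructed sample: IPoIB header (type 0x0800) plus two payload bytes. */
const uint8_t sample_snoop[] = { 0x08, 0x00, 0x00, 0x00, 0x45, 0x00 };
```

Feeding a pcap-framed record to the snoop path does not fail; it yields a wrong type field, which is why the framing has to be selected by encapsulation value rather than guessed from the bytes.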

