Ethereal-dev: Re: [Ethereal-dev] Dissector for DOCSIS

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 23 Jun 2002 15:11:40 -0700

On Sun, Jun 23, 2002 at 09:55:13AM -0400, Anand V. Narwani wrote:
> You are also correct in assuming that I would want to capture with Ethereal 
> or some such capture tool. Here's what I did to allow me to test my dissector:
> 1. I added a new encapsulation type to wtap.c:  WTAP_ENCAP_DOCSIS
> 2. I then added a global preference to the prefs_dlg.c to add a new page 
> called DOCSIS Preferences.  This sets a global boolean.  The intent here is 
> that if this preference is set, all frames will be treated as DOCSIS frames.
> 3. In packet-frame.c, I added a check for that boolean, that will set 
> pinfo->fd->lnk_t = WTAP_ENCAP_DOCSIS
> 4. The DOCSIS dissector is registered using: dissector_add("wtap_encap", 
> WTAP_ENCAP_DOCSIS, docsis_handle);
> 
> This allows me to capture with Ethereal, and save files in libpcap format, 

Except that there's no DLT_DOCSIS encapsulation type in libpcap format,
so the Wiretap code would have to map WTAP_ENCAP_DOCSIS to DLT_EN10MB.

> and open .enc files containing DOCSIS frames.

If you want to be able to capture DOCSIS-using-Ethernet-as-a-bit-pipe
traffic with tools other than Ethereal, such as a Sniffer (which I infer
you're using, given the ".enc"), then I'm not sure a new encapsulation
type is the right answer.

Instead, I think the right answer might be to have an Ethernet-specific
preference that causes the Ethernet dissector to hand the frame to the
DOCSIS dissector, and just use WTAP_ENCAP_ETHERNET for those files.

> I have been able to capture 
> with Tethereal, but it does not dissect the frames correctly.   I would 
> guess that this is because I didn't set that preference on the command 
> line.

Yes, it is.

However, if you have not added the preference as a protocol preference,
you would have to add a new command-line option to Tethereal in order to
set that preference on the command line; the only preferences that
*automatically* get command-line options are protocol preferences.

> Does this seem to be a reasonable approach?  Can anyone think of a 
> better way to do this?

See above.

Note, however, that by not adding a new DLT_DOCSIS encapsulation type,
you will not be able to use capture filters in Ethereal when capturing
the DOCSIS-using-Ethernet-as-a-bit-pipe traffic, as libpcap will think
the packets it's capturing are Ethernet packets rather than DOCSIS
packets.
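
The preference-gated hand-off discussed in this message, as an added example that is not part of the original post and is not Ethereal's code: a self-contained model in which the Ethernet dissector passes the frame to a DOCSIS dissector only when a preference is set, showing how the same bytes are misread when it is not. All names are hypothetical, the sample frame is constructed, and the header layout used (FC, MAC_PARM, two-byte LEN, two-byte HCS, no extended header) is an assumption not stated in the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the hand-off; none of these names are Ethereal's API. */
enum proto { PROTO_ETHERNET, PROTO_DOCSIS, PROTO_MALFORMED };
struct result {
    enum proto proto;
    unsigned len;          /* DOCSIS: LEN field, bytes following the header */
    unsigned type_or_len;  /* Ethernet: bytes 12-13 of the frame */
};

/* Stands in for the Ethernet-specific protocol preference. */
static int eth_treat_as_docsis = 0;

/* Constructed sample: DOCSIS header (FC, MAC_PARM, LEN=46, dummy HCS) + 46-byte PDU. */
static const uint8_t sample_frame[52] = {
    0x00, 0x00, 0x00, 0x2e, 0xaa, 0xbb,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* inner destination MAC */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* inner source MAC */
    0x08, 0x00                            /* inner EtherType; payload zero-filled */
};

static struct result dissect_docsis(const uint8_t *p, size_t n) {
    struct result r = { PROTO_MALFORMED, 0, 0 };
    if (n < 6) return r;                    /* header truncated */
    unsigned len = ((unsigned)p[2] << 8) | p[3];
    if (n - 6 < len) return r;              /* LEN runs past the captured bytes */
    r.proto = PROTO_DOCSIS;
    r.len = len;
    return r;
}

static struct result dissect_eth(const uint8_t *p, size_t n) {
    struct result r = { PROTO_MALFORMED, 0, 0 };
    if (eth_treat_as_docsis) return dissect_docsis(p, n);  /* preference set */
    if (n < 14) return r;                   /* too short for an Ethernet header */
    r.proto = PROTO_ETHERNET;
    r.type_or_len = ((unsigned)p[12] << 8) | p[13];
    return r;
}

int main(void) {
    for (eth_treat_as_docsis = 0; eth_treat_as_docsis <= 1; eth_treat_as_docsis++) {
        struct result r = dissect_eth(sample_frame, sizeof sample_frame);
        printf("pref=%d proto=%d len=%u type_or_len=0x%04x\n",
               eth_treat_as_docsis, r.proto, r.len, r.type_or_len);
    }
    return 0;
}
```

With the preference off, the Ethernet path reads the first two bytes of the inner source MAC as its type/length field, which is the misdissection described for Tethereal above.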