Hi Guy,
So this is starting to make a little more sense. I have one more question
though: If I add a DLT_DOCSIS encapsulation type to libpcap, would I lose
the ability to "Save as..." other file types (Sniffer for example)? The
problem is that I want to have my cake and eat it too :) I really like the
idea of adding a Ethernet specific preference to hand the frame off to a
DOCSIS dissctor, and I also like the idea of being able to use capture
filters. However, I'm not sure those are compatible goals.
Thanks again,
Anand
At 03:11 PM 6/23/2002 -0700, Guy Harris wrote:
On Sun, Jun 23, 2002 at 09:55:13AM -0400, Anand V. Narwani wrote:
> You are also correct in assuming that I would want to capture with
Ethereal
> or some such capture tool. Here's what I did to allow me to test my
dissector:
> 1. I added a new encapsulation type to wtap.c: WTAP_ENCAP_DOCSIS
> 2. I then added a global preference to the prefs_dlg.c to add a new page
> called DOCSIS Preferences. This sets a global boolean. The intent
here is
> that if this preference is set, all frames will be treated as DOCSIS
frames.
> 3. In packet-frame.c, I added a check for that boolean, that will set
> pinfo->fd->lnk_t = WTAP_ENCAP_DOCSIS
> 4. The DOCSIS dissector is registered using: dissector_add("wtap_encap",
> WTAP_ENCAP_DOCSIS, docsis_handle);
>
> This allows me to capture with Ethereal, and save files in libpcap format,
Except that there's no DLT_DOCSIS encapsulation type in libpcap format,
so the Wiretap code would have to map WTAP_ENCAP_DOCSIS to DLT_EN10MB.
> and open .enc files containing DOCSIS frames.
If you want to be able to capture DOCSIS-using-Ethernet-as-a-bit-pipe
traffic with tools other than Ethereal, such as a Sniffer (which I infer
you're using, given the ".enc"), then I'm not sure a new encapsulation
type is the right answer.
Instead, I think the right answer might be to have an Ethernet-specific
preference that causes the Ethernet dissector to hand the frame to the
DOCSIS dissector, and just use WTAP_ENCAP_ETHERNET for those files.
> I have been able to capture
> with Tethereal, but it does not dissect the frames correctly. I would
> guess that this is because I didn't set that preference on the command
> line.
Yes, it is.
However, if you have not added the preference as a protocol preference,
you would have to add a new command-line option to Tethereal in order to
set that preference on the command line; the only preferences that
*automatically* get command-line options are protocol preferences.
> Does this seem to be a reasonable approach? Can anyone think of a
> better way to do this?
See above.
Note, however, that by not adding a new DLT_DOCSIS encapsulation type,
you will not be able to use capture filters in Ethereal when capturing
the DOCSIS-using-Ethernet-as-a-bit-pipe traffic, as libpcap will think
the packets it's capturing are Ethernet packets rather than DOCSIS
packets.
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
--
Anand V. Narwani, CCIE 3892
Advanced Engineering Services
Cisco Systems, Inc.
Direct/Fax: 919.392.3404
Email: anarwani@xxxxxxxxx
"Meddle not in the affairs of dragons, for you are crunchy and taste good
with ketchup"