On Nov 10, 2006, at 8:34 AM, trefor.2.edwards@xxxxxx wrote:
I guess that for the SNA trace file I'll need a vms_sna.c,
vms_open_sna() and a link to ms_open_sna() from file_access.c. But
will I need to add a new WTAP_ENCAP_SNA?
What information is in those traces?
I.e., at what protocol layer do they start? If this is SNA-over-SDLC
(i.e., over some sort of serial link), does it start with SDLC, or
with the protocol running atop SDLC (the one described at
http://www.protocols.com/pbook/sna.htm#SNA
)? If this is SNA-over-Ethernet or SNA-over-Token Ring or SNA-over-
{fill in the IEEE 802-style network}, does it start with Ethernet or
Token Ring or..., or does it start with the protocol running atop that?
If it starts with SDLC or Ethernet or Token Ring or..., you'd use the
appropriate encapsulation for that (WTAP_ENCAP_SDLC,
WTAP_ENCAP_ETHERNET, WTAP_ENCAP_TOKEN_RING, etc.).
If it starts with the protocol running atop SDLC or Ethernet or...,
you'd need to add a new WTAP_ENCAP_SNA, and use that.
And I don't understand how I build the links to the existing SNA
modules in packet-sna.c or even packet-sdlc.c!
If the lowest protocol layer in the capture is SDLC, returning
WTAP_ENCAP_SDLC is sufficient to get the module in packet-sdlc.c to be
called; the same applies, *mutatis mutandis*, for WTAP_ENCAP_ETHERNET,
WTAP_ENCAP_TOKEN_RING, etc..
If the lowest protocol layer in the capture is the protocol running
atop SDLC/Ethernet/etc., then you'd have to modify
"proto_reg_handoff_sna()" in packet-sna.c to do
dissector_add("wtap_encap", WTAP_ENCAP_SNA, sna_handle);
after adding WTAP_ENCAP_SNA and having your code return it as the link-
layer encapsulation.
(BTW, I'd recommend having this code read the raw traces, if at all
possible; digging through text files is a bit of a pain.