Wireshark-dev: Re: [Wireshark-dev] Ability to Re-dissect Packets
Rick Gudmundson wrote:
> I have some encapsulated packets (ethernet frame is payload of a UDP
> packet) and I'm trying to find the best way to dissect them.

The best way to dissect them is to take the payload and hand it to the
Ethernet dissector.

Use find_dissector() in your dissector's handoff routine to get a handle
for the Ethernet dissector. If the encapsulated Ethernet frame includes
the FCS, pass "eth_withfcs" to find_dissector(), otherwise pass
"eth_withoutfcs" to find_dissector().

Then, in the dissector for this protocol, use tvb_new_subset() to
construct a tvbuff containing the Ethernet frame, and use
call_dissector() to call the Ethernet dissector, passing it that tvbuff.

Search for "eth_withfcs" in epan/dissectors/*.c to find some examples,
e.g. the code to handle bridged PDUs in packet-llc.c.
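
The same three steps, sketched as an added example that is not part of the original message and not Wireshark project code. It uses Wireshark's Lua API instead of the C functions named above, so it can be loaded as a script without building a plugin. The protocol name "udpeth", UDP port 50000 and the 4-byte encapsulation header are assumptions made for illustration.

```lua
-- Added example: Ethernet frame carried as the payload of a UDP packet.
-- Hypothetical values (not from the original message):
local HDR_LEN  = 4      -- bytes of encapsulation header before the frame
local UDP_PORT = 50000  -- UDP port the encapsulating protocol uses

local udpeth = Proto("udpeth", "Ethernet over UDP (example)")
local f_hdr  = ProtoField.bytes("udpeth.header", "Encapsulation header")
udpeth.fields = { f_hdr }

-- Step 1 (find_dissector() in C): get a handle for the Ethernet dissector.
-- Use "eth_withfcs" instead if the encapsulated frame includes the FCS.
local eth_handle = Dissector.get("eth_withoutfcs")

function udpeth.dissector(tvb, pinfo, tree)
    -- A payload with nothing after the header cannot hold a frame; reject it.
    if tvb:len() <= HDR_LEN then
        return 0
    end

    pinfo.cols.protocol = "UDPETH"
    local subtree = tree:add(udpeth, tvb(0, HDR_LEN))
    subtree:add(f_hdr, tvb(0, HDR_LEN))

    -- Step 2 (tvb_new_subset() in C): a new tvbuff that starts at the
    -- first byte of the Ethernet frame and runs to the end of the payload.
    local eth_tvb = tvb(HDR_LEN):tvb()

    -- Step 3 (call_dissector() in C): hand that tvbuff to the Ethernet
    -- dissector, which then dissects the inner IP/TCP/... layers as usual.
    eth_handle:call(eth_tvb, pinfo, tree)

    return tvb:len()
end

-- Register on the hypothetical UDP port so the dissector gets called.
DissectorTable.get("udp.port"):add(UDP_PORT, udpeth)
```

If the Ethernet frame starts at the first byte of the UDP payload, set HDR_LEN to 0 and drop the header subtree.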