Michael A. Ruzinsky wrote:
I have just gone through the packet-foo.c dissector example in the documentation and was able to
compile and dissect the example data correctly. Now I would like to try to re-write it so that
it handled pcap files with a data link type of 147 (USER0). My code compiles but it doesn't
seem to have any effect on wireshark. I know there should be more code here, but I would
think this would be enough to get wireshark to recognize the data as FOO. Any ideas?
Here is what I have so far in packet-foo.c:
[...]
void proto_reg_handoff_foo(void) {
static gboolean initialized = FALSE;
if (!initialized) {
foo_handle = create_dissector_handle(dissect_foo, proto_foo);
dissector_add("wtap_encap", WTAP_ENCAP_USER0, foo_handle);
initialized = TRUE;
For that to work you're probably going to have to disable the DLT_USER
(packet-user-encap.c) dissector--which is also registering for
WTAP_ENCAP_USER0.
Or (better yet) use that dissector to send USER0 to your dissector
(Edit->Preferences->Protocols->DLT_USER).