Wireshark-dev: Re: [Wireshark-dev] calling a dissector for a specific mac address

From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Wed, 02 Jul 2008 09:29:10 +0100
Richard K�mmel wrote:
Hi,
I am writing a dissector for a device of ours that adds a header before the actual ethernet header. The header is recognized by looking at the first 6 Bytes. If the first 6 byte are 01 01 05 10 00 00 ( a mulitcast address of ours, that is only used for this purpose), the frame is an esl frame.

Why not use the ethernet type field for this? It seems to fly somewhat in the face of convention to have to interpret ethernet packets differently depending on their destination address.

The only way i managed to handle this is by checking the address in dissect_eth_common and then calling the dissector directly.

...

Is there a different and better way to do this? If not is it ok to add code like this
to the sources of wireshark?

If this is really the only way to recognise these packets, it would be better to add a heuristic subdissector - see packet-hilscher.c for an example. Though, as the Cisco comment implies, I think your protocol design is hideous.