Richard K�mmel wrote:
Hi,
I am writing a dissector for a device of ours that adds a header before
the actual ethernet header.
The header is recognized by looking at the first 6 Bytes. If the first 6
byte are 01 01 05 10 00 00
( a mulitcast address of ours, that is only used for this purpose), the
frame is an esl frame.
Why not use the ethernet type field for this? It seems to fly somewhat
in the face of convention to have to interpret ethernet packets
differently depending on their destination address.
The only way i managed to handle this is by checking the address in
dissect_eth_common
and then calling the dissector directly.
...
Is there a different and better way to do this? If not is it ok to add
code like this
to the sources of wireshark?
If this is really the only way to recognise these packets, it would be
better to add a heuristic subdissector - see packet-hilscher.c for an
example. Though, as the Cisco comment implies, I think your protocol
design is hideous.