On May 6, 2010, at 11:22 AM, zajpv76xaa@xxxxxxxxxxx wrote:
> I'm working on a dissector for a protocol with the OUI extended ethertype (0x88b7 defined in ieee802a),
At least as I read section 12.3 of IEEE Std 802a-2003, the space of protocol IDs for a given OUI is the same as the space of protocol IDs for a given OUI in SNAP:
NOTE 1—The requirement for global uniqueness of protocol identifiers means that if protocol identifier X has been allocated for use by protocol Y, then that protocol identifier can be used with either SNAP or the OUI Extended Ethertype to identify Protocol Y. Conversely, it means that protocol identifier X cannot be used to identify any other protocol.
Wireshark already handles SNAP, so the code to 0x88b7 should work the same way. Unfortunately, that "Guy Harris" person who wrote the 802a dissector didn't notice that, so, whilst it works the same way as the SNAP dissector, it doesn't use the same tables that the SNAP dissector does; I'll ask him to fix it. :-)
> and a fixed OUI and protocol ID following that. Can someone help me figure out how to use the ieee802a dissector to only dissect the packets I want? The best results I've received so far are with dissector_add("ethertype", 0x88b7, handle), but that obviously dissects all extended ethertypes.
...and either
1) has no effect
or
2) steals the handling of 0x88b7 out from under the 802a dissector
depending on the order in which the two dissectors' calls to dissector_add() are done, so you don't want to do that.
What you want to do, for now, is:
1) create a dissector table for your OUI, to map protocol IDs to dissectors;
2) call ieee802a_add_oui() to register your OUI with that dissector table;
3) call dissector_add() to add your protocol ID/IDs to your dissector table.
For examples of how to do that, see one of the dissectors that uses llc_add_oui() - ieee802a_add_oui() works in the same fashion.
I'll merge llc_add_oui() and ieee802a_add_oui() so that the OUI/protocol ID pairs work the same for SNAP and 802a; when that's done, you'd use the merged routine instead of ieee802a_add_oui(). (I'll probably give the merged routine some snappy imaginative name such as snap_ieee802a_add_oui().) That change will be in the development builds (1.3.x) and in the future 1.4.x release line, but will not be in the 1.0.x or 1.2.x release lines.
> And I couldn't figure out how to use ieee802a_add_oui, or even if that's what I need in this case.
Yes, that's what you need in this case; for now, look at the dissectors using llc_add_oui() - and the dissectors that register in the dissector tables created by the dissectors using llc_add_oui() - for examples of how to do this. epan/dissectors/packet-nt-oui.c is a disssector using llc_add_oui(); epan/dissectors/packet-nt-sonmp.c is a dissector registering in a dissector table created by epan/dissectors/packet-nt-oui.c