On Mar 18, 2016, at 9:00 AM, Petr Sumbera <petr.sumbera@xxxxxxxxxx> wrote:
> at this moment Wireshark can read snoop files with IPoIB[1] data:
>
> https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-ipoib.c
>
> I'm working on extending it to support also data as they come from PCAP on Solaris (at this moment Solaris generates data with DLT_USER15 which need to be fixed anyway).
It most *definitely* needs to be fixed, just as Apple's use of DLT_USER2 needs to be fixed.
> Unfortunately there is for some unknown reason following difference:
>
> Snoop contains:
> IPoIB header [4 bytes]
> IP data
>
> PCAP data contains:
> GRH Header (multicast) or just 20 bytes address (unicast) [40 bytes]
> IPoIB header [4 bytes]
> IP data
>
> With Wireshark 1.12 I was considering to distinguish between these two data in dissector via pinfo->file_type_subtype. But with Wireshark 2.0 it doesn't seem to be possible any more (file_type_subtype is not available in dissector).
>
> What would you recommend me here?
Have two separate WTAP_ENCAP_ values, one for IPoIB with the snoop encapsulation and one for IPoIB with the pcap/pcapng encapsulation, if they don't already exist.
Register an "IPoIB with the snoop encapsulation" dissector with the WTAP_ENCAP_ value for the IPoIB with the snoop encapsulation and register an "IPoIB with the pcap/pcapng encapsulation" dissector with the WTAP_ENCAP_ value for the IPoIB with the pcap/pcapng encapsulation.