Hi, "Yeah, what he said."
About the configuration: he's right again. You better have a *very* good reason why this has to be done with an XML file, since we already have too many config/setting/definition/template files in the tree. Thanx, Jaap Maynard, Chris wrote: > Try registering as a heuristic dissector to packet-eth: > > “heur_dissector_add(“eth”, dissect_afdx, proto_afdx);” > > When handed a frame, your heuristic dissector will scan the MAC to > determine if it’s a “special address” indicating that it’s for your > dissector. If so, process it and return true; otherwise return false so > packet-eth can continue processing and pass the packet to the > appropriate dissector. > > > Probably the easiest thing to do is to use a Wireshark preference > instead of an .xml file to set your address space. > > - Chris > > ------------------------------------------------------------------------ > > *From:* [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] *On Behalf Of > [EMAIL PROTECTED] > *Sent:* Tuesday, March 25, 2008 8:52 AM > *To:* wireshark-dev@wireshark.org > *Subject:* [Wireshark-dev] modifying the eth-dissector > > > Hi all, > > I would like to write a new dissector for wireshark...but im stuck at > some points: > > My protocol is based on the ARINC AFDX standard which is (more or less) > based on Ethernet II frames at layer 2. The difference to this frame > type is the MAC-Dest/Source-Address, where a certain address space is > defined in advance to recognize the AFDX frames. This ensures that any > COTS ethernet controller can ignore such type of frames, but special > devices (such as switches and controllers) recognize them. Anyway...i > think any other protocol details would go to far.... > > My Problem is the following now: > I have to inspect the MAC addresses and - if a special address is given > - foreward them to my own dissector which dissects further layers. The > most obvious thing for me would be to modify the "packet-eth" and branch > off there for the next layers (as it is already done with the Cisco ISL > frames). > What do you think? > > Unfortunately i would prefer a plugin dll instead of compiling the whole > source. I think i would have to exchange the whole eth-dissector with my > own one residing in the plugin directory...would that be possible, or is > there a better solution? > > Another problem is, that the address space is defined by a configuration > file (an XML File), and must be read at least at every startup of > wireshark. Where do you think would be a nice place in the wireshark > directory for such a file to be read? I was thinking of: "Read file if > there is one, otherwise handle AFDX Frames like Ethernet 2 ones". > > Thanks a lot for your help! > Valentin > _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
