Ethereal-dev: Re: [Ethereal-dev] Adding the ability to analyze a non-IP non-Ethernet protocol
S. Tyler McHenry wrote:
> And now I have a problem. I have no idea what is the best way to go about
> getting this into Ethereal. If the driver sets the arptype to ARPHRD_SLIP

OK, so this is on Linux (as per the ARPHRD_).
So the driver plugs into the Linux networking stack, so that it can
*have* an arptype? If so, you might want to try getting a new ARPHRD_
value, and, if you succeed, get a new DLT_ value from tcpdump.org and
change libpcap's pcap-linux.c to map your new ARPHRD_ value to your new
DLT_ value.

> Is there any way I can add the ability to replace "Raw IP" with "Raw
> MyNetworkProtocol" and run the appropriate dissector?

You could change the code in "packet-raw.c" to dissect your protocol, in
your personal version of Ethereal.

> I'd like to know what the simplest approach to this is - most specifically if
> I'm going to be able to avoid adding a whole new ARPHRD type and making
> changes to libpcap and wiretap.

Modifying "packet-raw.c" is the simplest approach, if "simple" includes
avoiding allocating new ARPHRD_ and DLT_ values and modifying libpcap
and WinPcap to handle them - and *doesn't* include "getting your changes
into the main version of Ethereal so that you don't have to continue to
maintain your changes", because anything to reinterpret DLT_RAW is a bit
of a hack.
If you want this in the mainstream Ethereal, I'd *strongly* suggest you
pursue getting new ARPHRD_ values (I don't know how easy that is, at
this point) and new DLT_ values (which tcpdump.org gives out if you ask
for them - the Linux folks should probably have the same policy, but
that doesn't mean that they do), and modifying libpcap and tcpdump (and
submitting patches to tcpdump.org and ethereal.com for them), along with
the new dissector.
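
The trade-off discussed in this message, as an added example that is not code from the original post, libpcap or Ethereal: a simplified model of the arptype to link-type mapping and of dissector selection, showing why a frame delivered as raw IP can be misparsed while a dedicated link type is unambiguous. `ARPHRD_MYPROTO`, `DLT_MYPROTO` and their values are hypothetical placeholders, the function names are assumptions, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Real values from Linux <linux/if_arp.h> and libpcap (DLT_RAW is 12 on Linux). */
#define ARPHRD_ETHER 1
#define ARPHRD_SLIP  256
#define DLT_EN10MB   1
#define DLT_RAW      12
/* Hypothetical placeholders: real numbers would have to be assigned by the
 * Linux maintainers and by tcpdump.org. */
#define ARPHRD_MYPROTO 0xFF01
#define DLT_MYPROTO    0xFF01

/* Simplified model of the arptype -> link-type mapping (assumed, not libpcap's code). */
int arptype_to_dlt(int arptype)
{
    switch (arptype) {
    case ARPHRD_ETHER:   return DLT_EN10MB;
    case ARPHRD_SLIP:    return DLT_RAW;      /* no link-layer header */
    case ARPHRD_MYPROTO: return DLT_MYPROTO;  /* the mapping that would be added */
    default:             return -1;           /* unknown arptype */
    }
}

/* Simplified stand-in for dissector selection by link type (not Ethereal's code). */
const char *pick_dissector(int dlt, const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len == 0)
        return "data";
    if (dlt == DLT_MYPROTO)
        return "myproto";
    if (dlt == DLT_RAW) {
        /* A raw capture has no type field; the only hint is the IP
         * version nibble in the first byte. */
        if ((pkt[0] & 0xF0) == 0x40) return "ip";
        if ((pkt[0] & 0xF0) == 0x60) return "ipv6";
    }
    return "data";
}

int main(void)
{
    /* Constructed MyNetworkProtocol frame whose first byte happens to be 0x45. */
    const uint8_t frame[] = { 0x45, 0x10, 0x00, 0x2a };
    const char *a = pick_dissector(arptype_to_dlt(ARPHRD_SLIP), frame, sizeof frame);
    const char *b = pick_dissector(arptype_to_dlt(ARPHRD_MYPROTO), frame, sizeof frame);
    printf("via ARPHRD_SLIP: %s, via ARPHRD_MYPROTO: %s\n", a, b);
    return strcmp(b, "myproto") != 0;
}
```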