Wireshark-dev: Re: [Wireshark-dev] SNA Trace on VMS
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 10 Nov 2006 16:38:16 -0800

On Nov 10, 2006, at 8:34 AM, trefor.2.edwards@xxxxxx wrote:
> I guess that for the SNA trace file I'll need a vms_sna.c, vms_open_sna() and a link to ms_open_sna() from file_access.c. But will I need to add a new WTAP_ENCAP_SNA?

What information is in those traces?

I.e., at what protocol layer do they start? If this is SNA-over-SDLC (i.e., over some sort of serial link), does it start with SDLC, or with the protocol running atop SDLC (the one described at

	http://www.protocols.com/pbook/sna.htm#SNA

)? If this is SNA-over-Ethernet or SNA-over-Token Ring or SNA-over-{fill in the IEEE 802-style network}, does it start with Ethernet or Token Ring or..., or does it start with the protocol running atop that?

If it starts with SDLC or Ethernet or Token Ring or..., you'd use the appropriate encapsulation for that (WTAP_ENCAP_SDLC, WTAP_ENCAP_ETHERNET, WTAP_ENCAP_TOKEN_RING, etc.).

If it starts with the protocol running atop SDLC or Ethernet or..., you'd need to add a new WTAP_ENCAP_SNA, and use that.

> And I don't understand how I build the links to the existing SNA modules in packet-sna.c or even packet-sdlc.c!

If the lowest protocol layer in the capture is SDLC, returning WTAP_ENCAP_SDLC is sufficient to get the module in packet-sdlc.c to be called; the same applies, *mutatis mutandis*, for WTAP_ENCAP_ETHERNET, WTAP_ENCAP_TOKEN_RING, etc.

If the lowest protocol layer in the capture is the protocol running atop SDLC/Ethernet/etc., then you'd have to modify "proto_reg_handoff_sna()" in packet-sna.c to do

	dissector_add("wtap_encap", WTAP_ENCAP_SNA, sna_handle);

after adding WTAP_ENCAP_SNA and having your code return it as the link-layer encapsulation.

(BTW, I'd recommend having this code read the raw traces, if at all possible; digging through text files is a bit of a pain.