Hi Guy! I hope your weekend was enjoyable. On Sat, May 22, 2010 at 2:39 PM, Guy Harris <g...@alum.mit.edu> wrote:
> So presumably the IP protocol rider protocol has fields of its own. > > Does the IP protocol rider have an IP protocol number assigned to it, so > that you have: > link-layer protocol > IP, with the IP protocol number having the value for the IP protocol > rider protocol > IP protocol rider protocol > custom protocol > some protocol that normally runs directly atop IP > > or is this a non-standard encapsulation where you have: > link-layer protocol > IP, with the IP protocol number having the value for the protocol > that's above the custom protocol > IP protocol rider protocol > custom protocol > some protocol that normally runs directly atop IP > The former. The former can be done without modifying Wireshark, but not the way you're > doing it. What is the best way to do it? I overcame the problem of the protocols not matching by seeing that the protocol number copied over from IP to my IP rider and *supposedly* stored in hf_[IPR protocol] field was incorrect. It was 65,000 something when printf'd. What does hf_register_info do with that variable (hf_[IPR protocol])? I suppose telling it that it is an FT_UINT8 tells it how to read it from the tvbuff_t. Does all it do is use tvb_get_guint8()? I had to use that function manually to get the protocols to match correctly with the ip_dissector_table. Before that I tried casting it to a guint8 but that didn't work. It now works with the code I showed before, but I am getting this problem now: http://img80.imageshack.us/img80/5582/malformed.gif -Scott
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
