Many thanks to Martin and Guy for the feedback on this thread. I have implemented option 3 for the time being just to test my dissector and move forwards, but I like the idea of a psuedo-wrapper around the packet with some additional flags, so I'll investigate this on the next spin.
Really appreciate the guidance. Kind Regards Andrew On Wed, Oct 24, 2012 at 4:02 PM, Andrew Lonsdale <[email protected]>wrote: > Hi Folks, > > I'm writing a dissector for an interface which doesn't indicate direction > of data flow in the packet headers. I currently capture separate files in > pcapng format for uplink and downlink (separate streams), but I could merge > the two into a file. Currently I just open one file and merge the other in > Wireshark itself. > > It would be useful to be able to indicate in the PROTOCOL column if a > packet is an uplink or downlink packet, and I have four possible methods in > mind: > > 1) Have two different DLT's, one for uplink and one for downink, and > effectively treat the two as separate interfaces. This is probably easiest > but seems heavy handed. > > 2) I have been looking into setting the epb_flags option in the EHB blocks > to indicate uplink and downlink, but I can't find out how to access that > field of data in my dissector. > > 3) Add an opt_comment with known text ("UP" or "DN") and parse for that > text during dissection. Easy to implement but a bit clunky. > > 4) Fiddle with a reserved bit in the packet header. This feels like a bad > thing to do as it alters the item under test. > > Method 2 feels like it would be the right thing to do, and 3 looks like > the easiest. > > Is there a preferred way of dealing with this issue, and does anyone have > any observations about what I am trying to do ? > > Kind Regards > Andrew >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
