Hello,
so I want to write a dissector plugin for ethereal.
Being a newbie here, following the README.plugin and README.developer,
I now have an kinda empty plugin module dissecting a single byte.
That means I can now learn about how the various proto_tree_add stuff
works, and eventually might get the dissector written.
However it seems like I have a problem with registering it properly.
The protocol I am trying to dissect is actually more a debug interface,
that uses Ethernet port to copy out frames that are not ethernet frames.
Therefore, my dissector needs to be called instead of the EthernetII
dissector (or rather eth/ethertype). Furthermore, this must probably be
selectable at runtime, since there may be real ethernet frames on the
wire. (In a practical environment it should be simple to filter all ethernet
frames from a couple of MAC addresses and thus only the debug frames will
remain - those could then be decoded via the plugin).
So how would I do that ? Given that
dissector_add("ethertype",0xffff, docsis_handle);
would get my dissector added so that I can select it in the "Decode as" menu,
but my dissector doesn't get to see what the ethernet dissector thinks to
be Ethernet addresses....
Any hints would be appreciated!
Regards,
Mario
--
Mario Lorenz Internet: <ml@xxxxxxxxxxx>
Ham Radio: DL5MLO@OK0PKL.#BOH.CZE.EU
* Newsflash: Microsoft announces Visual Edlin for Windows98!
