Ethereal-dev: Re: [ak@xxxxxxxxxxxx: Re: [Ethereal-dev] FW1 monitor dissector patch]

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sat, 13 Jul 2002 02:50:19 -0700
On Fri, Jun 28, 2002 at 05:18:27PM +0200, Alfred Koebler wrote:
> +  etype = tvb_get_ntohs(tvb, 12);
> +
> +  if (tree) {
> +    sprintf(header, "FW1 Monitor");
> +
> +    /* fetch info to local variable */
> +    direction[0] = tvb_get_guint8(tvb, 0);
> +    direction[1] = 0;
> +    tvb_get_nstringz0(tvb, 2, 10, interface);

It looks as if the Firewall-1 header is like an Ethernet header except
that it has 1 byte of direction, 1 byte of something, and 10 bytes of
interface name, rather than 2 6-byte MAC addresses.

Should FW1 monitor files be handled by the Ethernet dissector checking
the "interpret_as_fw1_monitor" flag and, if it's set, displaying the
direction and interface name rather than the MAC addresses?