Ok, after messing around quite a bit, I've finally figured out what I'm
doing wrong, and would like people's input about how to do it right :)
I'm playing with a dissector that takes apart encapsulated network
packets. It works perfectly, but I was having problems with the
Protocol and INFO columns not being correct. My original logic looked
like this:
Set PINFO
if (tree) {
Do dissection
Possibly fork off to another dissector.
}
Of course, the problem is obvious. When it builds the PINFO columns,
tree is null. But, since most of my dissection is done in tree, it gets
ugly.
I've changed it to this, which I don't like, but I was hoping to get
some input from people about how to do it better:
{
Set PINFO
Examine headers/packet enough to get info about sub dissectors
if (tree) }
Do dissection
}
if (subdissector criterion) {
Call Subdissector
}
}
But, that is just a bit ugly to me.
And, one last question: These packets can be any type of encapsulated
packet. But, if I send the packet to the ethernet dissector ("eth"), it
won't detect 802.11 packets. Do I have to handle criterion myself, or
is there a way I can send it to a higher dissector? (packet frame seems
to require too much information from the wtap source)
Thanks in advance,
Dave
--
David Frascone
He's not dead, Jim, he's just metabolically challenged.
