Jeremy Georges wrote:
Hope everyone is doing well!
I'm in the process of writting a dissector for some L2 protocols that are
encapsalated in a SNAP packet.
Then you want to
1) write a "dissector" for the OUI for those protocols - see
epan/dissectors/packet-{cisco,nt}-oui.c for two examples of how that's done;
2) write a dissector for your protocol which registers in the dissector
table for the OUI "dissector" - see epan/dissectors/packet-dtp.c for a
dissector that works that way.
Two approaches I can take, either utilize the
OUI ID of 0x00E02B
Use the OUI - that's what the above approach does.
My issue that I'm having is figuring out what PARENT_SUBFIELD options I
have. There is lots of info on tcp or udp based options (like tcp.port) But
what options do I have for an OUI specific value
llc.cisco_pid for Cisco's OUI and llc.nortel_pid for Nortel's OUI. For
other OUIs you'll have to create one yourself - that's what the OUI
"dissector" does.
I apoligize if this has already been asked, but I can't seem to find an
exhaustive list anywhere that gives all possible fields that ethereal
supports for dissector_add() function (specifically the PARENT_SUBFIELDS).
There isn't one - the list changes over time, and, in fact, a *plugin
dissector* can add one, so the list could be different if you've
installed a plugin that doesn't come with Ethereal.
I wish I could do a dissector_add("oui.value", 0x00e02b, myproto_handle).
The equivalent of that would be the "llc_add_oui()" calls in
packet-{cisco,nt}-oui.c.
However, that doesn't add a *dissector*, it just adds a new dissector
*table* corresponding to the PID values for a particular OUI. You'd
then have to add dissectors for the particular PID values to that table.
