Wireshark-dev: Re: [Wireshark-dev] X.25, LAPB, PLP Decoding
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 18 Jun 2007 11:13:46 -0700
Mirko.Karanovic@xxxxxx wrote:

I think that I should define proprietary “DLT_LAPB” value and do whatever necessary steps in wtap (WireShark) in order to recognize my DLT_LAPB type form libpcap file header. After that I should be able to see LAPB frames and PLP packets in the WireShark.

Nobody should ever define, by themselves, a proprietary DLT_ value. If you just pick some number to assign to that DLT_ name, there is a chance that tcpdump.org will assign that value to an official DLT_ in the future, and, if that happens, Wireshark will almost certainly be modified to interpret that value as that DLT_. That would mean your changes would have to *override* that.

The alternatives are:

1) ask tcpdump-workers@xxxxxxxxxxx to add an *official* DLT_LAPB and assign a value to it, which means that Wiretap could be changed to that the *standard* version will decode that DLT_ value as LAPB (so you wouldn't need to maintain your own version of Wireshark);

	2) use one of the DLT_USERn values.

I would recommend alternative 1.