Wireshark-dev: Re: [Wireshark-dev] New DVB_CI dissector: Discussion as to approach
Do you know of a better way to encode the direction in a pcap file or
should I keep the direction byte? (If we go for pcap files and a new
DLT, we should agree on this before I can apply for a DLT value).
..
--To use a pcap format file to contain your captured DVBCI info:
1. As you note: request a DLT to be assigned;
2. Create pcap format capture files in the standard format specifying
your DLT in the file header.
The "payload" in each frame consists of a "pseudo-header" followed by
the actual bytes captured from the wire.
The pseudo-header can contain whatever info you desire,
e.g. header version, header length, direction, ...
--Wireshark changes to process the DVBCI capture file:
There are two approaches to processing the pseudo-header:
1. libpcap processes the pseudo-header and fills in a dissector-specific
structure which is eventually passed to the DVBCI dissector
(pinfo->pseudo_header) along with the actual data.
See wiretap/libpcap.c wiretap/pcap-common.c/process_pseudo_header()
and epan/dissectors/packet-frame.c
This approach is used by most of the dissectors which need info
such as "direction".
2. The dissector processes both the pseudo-header and the actual data.
I.E., From the Wireshark perspective, the pseudo-header is just part
of the captured data (similar to the code in your original patch).
This is the approach used by packet-radiotap.c
---------
I don't know if there are reasons to prefer the first approach even if
the changes (other than the dissector itself) are slightly more
extensive. (Code must be added to libpcap to handle the pseudo-header).
I expect one of the other core-developers (Guy ?) can give some guidance.
----
On a separate note: I would suggest that the pseudo-header be defined in
a manner such that it can be extended or changed.
For instance: I note that the radiotap pseudo-header has a "version" and
a "length" as two initial fields.
