|Main Archive Page > Month Archives > wireshark-dev archives|
Yo Mismo wrote:
> I want to add a wtap encapsulation for a new link layer protocol. I have
> added the name and abrev to encap_type_info encap_table_base in wtap.c
> and also in wtap.h I have added it (#define WTAP_ENCAP_XXX 127)
> The dissector reg handoff calls
> dissector_add("wtap_encap", WTAP_ENCAP_XXX , xxx_handle);
> But when I open a captured file, the dissector don't works and it shows
> WTAP ENCAP = 0 in the info column
> When I use for example
> dissector_add("wtap_encap", 0 , xxx_handle);
> the dissector works fine, so I think it's a problem with the definition
> for encapsulation. What I'm doing wrong?
The WTAP_ENCAP numbers are NOT equal to the PCAP DLT numbers. There is
a mapping between the two in pcap-common.c.
Of course (to reiterate what Chris said) you MUST first get a new PCAP
DLT number from tcpdump-workers OR use one of the "USER" ones. It's
very easy to do and will save everyone a lot of headaches.
Sent via: Wireshark-dev mailing list <email@example.com>