wireshark-dev October 2010 archive

Re: [Wireshark-dev] How to add a wtap encapsulation?

From: Jeff Morriss <jeff.morriss.ws_at_nospam>
Date: Wed Oct 13 2010 - 15:43:40 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

Yo Mismo wrote:
> I want to add a wtap encapsulation for a new link layer protocol. I have
> added the name and abbrev to encap_type_info encap_table_base in wtap.c
> and also in wtap.h I have added it (#define WTAP_ENCAP_XXX 127)
> The dissector reg handoff calls
> dissector_add("wtap_encap", WTAP_ENCAP_XXX , xxx_handle);
> But when I open a captured file, the dissector doesn't work and it shows
> WTAP ENCAP = 0 in the info column
> When I use for example
> dissector_add("wtap_encap", 0 , xxx_handle);
> the dissector works fine, so I think it's a problem with the definition
> for encapsulation. What am I doing wrong?

The WTAP_ENCAP numbers are NOT equal to the PCAP DLT numbers. There is
a mapping between the two in pcap-common.c.

Of course (to reiterate what Chris said) you MUST first get a new PCAP
DLT number from tcpdump-workers OR use one of the "USER" ones. It's
very easy to do and will save everyone a lot of headaches.
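
Added example, not part of the original message or of Wireshark's code: a C sketch of the point made in the reply, that the link-type number stored in a pcap file header (a DLT value) must be translated through a table before it can be used as an internal encapsulation id. The EX_ENCAP_* ids, the function names and the two sample headers are constructed for illustration; only the DLT values and the pcap magic numbers are real.

```c
#include <stddef.h>
#include <stdint.h>

/* Real libpcap link-type (DLT) values. */
#define DLT_EN10MB 1
#define DLT_USER0  147
#define DLT_USER15 162

/* Hypothetical internal ids, numbered independently of the DLTs; stand-ins
 * for WTAP_ENCAP_* values, not Wireshark's real numbers. */
enum { EX_ENCAP_UNKNOWN = 0, EX_ENCAP_ETHERNET = 1, EX_ENCAP_USER0 = 100 };

/* Constructed 24-byte pcap file headers: little-endian/DLT_USER0, big-endian/Ethernet. */
const uint8_t hdr_user0[24]    = { 0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0,
                                   0xff,0xff,0,0, 147,0,0,0 };
const uint8_t hdr_ether_be[24] = { 0xa1,0xb2,0xc3,0xd4, 0,2, 0,4, 0,0,0,0, 0,0,0,0,
                                   0,0,0xff,0xff, 0,0,0,1 };

static uint32_t rd32(const uint8_t *p, int be)
{
    return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
              : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Link type from the file header, or -1 for a short buffer or non-pcap magic. */
int64_t pcap_linktype(const uint8_t *hdr, size_t len)
{
    if (hdr == NULL || len < 24)
        return -1;
    uint32_t magic = rd32(hdr, 0);        /* magic as a little-endian reader sees it */
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)
        return rd32(hdr + 20, 0);         /* file was written little-endian */
    if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)
        return rd32(hdr + 20, 1);         /* file was written big-endian */
    return -1;
}

/* Translate a DLT to the internal id through a table, never by reusing the number. */
int dlt_to_encap(int64_t dlt)
{
    if (dlt == DLT_EN10MB)
        return EX_ENCAP_ETHERNET;
    if (dlt >= DLT_USER0 && dlt <= DLT_USER15)
        return EX_ENCAP_USER0 + (int)(dlt - DLT_USER0);
    return EX_ENCAP_UNKNOWN;  /* no table entry: the file is reported as encapsulation 0 */
}
```

A link type with no table entry falls through to 0, which is the same symptom as the "WTAP ENCAP = 0" in the question above.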