 | 1 | initial version |
@Chuckc is right. eth is expecting the MAC addresses before the ethertype field.
I have changed my lua here, it is imprecise, but enough for my requirement.
f2_shim = Proto ("f2_shim","Cisco F2 shim header")
index = ProtoField.uint16("Index","f2_shim.index",base.HEX)
data = ProtoField.uint64("Data","f2_shim.data",base.HEX)
type = ProtoField.uint16("Type","f2_shim.type",base.HEX)
f2_shim.fields = {index, data, type}
function f2_shim.dissector(buffer,pinfo,tree)
pinfo.cols.protocol = "f2_shim"
local f2_type = buffer(10,2)
local subtree = tree:add(f2_shim,buffer(),"f2_shim Header")
subtree:add(index,buffer:range(0,2))
subtree:add(buffer(2,8),"data1: " .. buffer(2,8):uint64())
subtree:add(type,buffer:range(10,2))
if (f2_type:uint() == 0x0800) then
Dissector.get("ip"):call(buffer(12):tvb(), pinfo, tree)
elseif (f2_type:uint() == 0x0806) then
Dissector.get("arp"):call(buffer(12):tvb(), pinfo, tree)
end
end
ether_table = DissectorTable.get("ethertype")
ether_table:add(0xf001,f2_shim)