Wireshark-bugs: [Wireshark-bugs] [Bug 8522] Add heuristic to dissect DVB-S2 over ethernet

Date: Wed, 27 Mar 2013 12:09:35 +0000

changed bug 8522

What Removed Added
Status INCOMPLETE CONFIRMED

Comment # 7 on bug 8522 from
(In reply to comment #6)
> Evan,
> 
> (In reply to comment #5)
> > Yuck. So, the "eth" heuristic table is only for protocols that are not
> > ethernet at all but might have ethernet framing (thus the fact that they get
> > called with the whole payload).
> 
> As a matter of fact, it is exactly the case here: DVB-S2 is transported in
> an ethernet framing. I'm sorry, I should have been more precise on this
> point in my initial request.
> But I am glad to know why I had to skip the whole ethernet header!

This isn't quite right, but it's my fault for being unclear: the "eth" table is
for protocols that do not contain any ethernet at all, but look to the capture
process like ethernet. The capture device puts 'ethernet' in the file metadata
and so Wireshark tries to dissect them as ethernet instead of protocol X. These
protocols register to get the entire payload heuristically before the ethernet
dissector goes to work so that if it is an instance of protocol X they get the
entire thing.

A better name for the heuristic table would perhaps be "pre-eth", not "eth".

> > 
> > Your test packet contains an ethernet 802.3 header. As far as I can tell
> > from reading the code, there is no way to register subdissectors for that
> > payload at all - the code claims that Logical Link Control is the only valid
> > protocol to be carried on raw 802.3 of this form.
> > 
> > At this point we're beyond my knowledge of the protocols involved. Is DVB-S2
> > doing something 'improper' when it's carried over raw 802.3? Is the comment
> > in the ethernet dissector wrong?
> 
> Since DVB-S2 is a "modulation and channel coding system" designed to be
> carried over radio waves, there is no specifications -at least that I am
> aware of- for its transport in a "classical", wire-based network (if
> somebody knows of such standard, I will gladly take a look to see if I can
> adapt the dissector).
> Our equipments use an ethernet framing, the same way the equipments the
> original DVB-S2 dissector author has use UDP datagrams, and there might be
> others using other means to carry DVB-S2.

OK, makes sense.

> If you think that the ethernet based dissector is too specific to be
> included into wireshark, I will fully understand your choice.

No, it's just a case we've never come across before (to my knowledge) so
unfortunately it won't be as simple as just registering in an existing
heuristic table. I will ping the -dev mailing list and ask what other feel the
correct approach is. We might create a new table, we could end up rewriting
part of the payload logic for ethernet dissection, I'm not sure yet.

Cheers,
Evan


You are receiving this mail because:
  • You are watching all bug changes.