Wireshark-bugs: [Wireshark-bugs] [Bug 9933] Questionable calling of ethernet dissector by encaps

Date: Wed, 20 Jan 2016 10:02:55 +0000

Comment # 33 on bug 9933 from
(In reply to Hadriel Kaplan from comment #2)
> The tricky thing with that is we'll break any Lua script that called that
> dissector before... though arguably they probably shouldn't have been, for
> the same reasons as the bug. But I know some scripts do call it today.
> 
> Also, how do external third-party plugins call dissectors?  If it's through
> the name lookup method then same problem for them. (though we don't seem to
> care as much about plugin compatibility :)

The chances are extremely good that any Lua or C dissector calling the "eth"
dissector really should be calling the "eth_withfcs" or "eth_withoutfcs"
dissectors, given how few dissectors remain that call the "eth" dissector (and
my goal is to reduce that number to 1, i.e. the ATM dissector).  If they were
changed to do so, they'll still work with versions of Wireshark dating back at
least as far as 1.12, and possibly older.

So I've renamed the "eth" dissector to "eth_maybefcs", to make developers
notice that there's no such thing as the "Ethernet" dissector and that they
need to figure out *which* Ethernet dissector to call.  That dissector takes no
additional data argument.  There's another dissector, called *only* for
Ethernet packets in a capture file, where it's passed a pointer to a "struct
eth_phdr" that indicates whether it's known that there is an FCS, known that
there isn't an FCS, or unknown whether there's an FCS or not.


You are receiving this mail because:
  • You are watching all bug changes.