Hi list,
What do you think--how should we go about this?
-J
Glattfelder Christoph (glc) wrote:
Hello Jeff
Unfortunately, a frame must be searched for the trailer to recognize it as PRP frame. But I see no problem to have it disabled by default.
Best regards
Christoph Glattfelder
Z�rcher Hochschule Winterthur
Institute of Embedded Systems - InES
Technikumstrasse 9
Postfach 805
CH-8401 Winterthur
Tel. +41(0)52 260 69 74
christoph.glattfelder@xxxxxxxx
-----Urspr�ngliche Nachricht-----
Von: Jeff Morriss [mailto:jeff.morriss@xxxxxxxxxxx]
Gesendet: Montag, 16. April 2007 10:26
An: Developer support list for Wireshark; Glattfelder Christoph (glc)
Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
Meier Sven (msv) wrote:
This is a dissector for the Parallel Redundancy Protocol (PRP) defined
in chapter 6 of the IEC 62439.
PRP uses two independent networks in parallel and allows redundancy
without switchovers.
The protocol is sending Mac multicast messages with Ethertype 0x88fb. In
addition to that it adds to every Ethernet frame a 4 byte trailer before
the FCS. The trailer is detected by checking a size field and an
identifier which are part of the trailer. Therefore, if the last 4 bytes
of a frame match a correct trailer they get interpreted as a trailer,
although it was probably not a real one.
Is there some way to know if the trailer is going to be there without
searching for it? As it is, registered as a postdissector (didn't even
know those existed until now), this dissector will get called for every
frame--which seems a bit excessive to me.
If there's no way to know ahead of time, maybe this dissector should be
disabled by default, though I'm not sure how to best go about doing that.