Wireshark · Wireshark-dev: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector -> now disabled by default

Wireshark-dev: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector -> now disabled

From: "Meier Sven (msv)" <msv@xxxxxxxx>

Date: Mon, 11 Jun 2007 11:04:50 +0200

Hi

Finally I found the required function to disable the protocol by default.
So now the dissector is disabled by default, it can be enabled over the normal enable/disable protocol wizard.

Best regards
	Sven Meier

 ///////  |||   |||  ///|||  ///        Sven Meier
///////   |||   ||| /// ||| ///         Dipl.Ing. FH Informationstechnologie
   ///          |||///  |||///          Entwicklungsingenieur IEEE 1588
  ///           ||///   ||///           Institute of Embedded Systems 
 ///////  |||   |///    |///            Raum / Room InES TW 220
///////   |||   ///     ///             Postfach 805
                                        CH-8401 Winterthur
                                        Switzerland
 
Zuercher Hochschule Winterthur          Phone :    +41 (0)52 267 70 58
(University of Applied Sciences)        Fax   :    +41 (0)52 268 70 58
Mitglied der Zuercher Fachhochschule    msv@xxxxxxxx
 

-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Meier Sven (msv)
Gesendet: Freitag, 1. Juni 2007 10:27
An: Developer support list for Wireshark
Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector

The thing is, that not the "dissector_add" function but the "register_postdissector" function is the problem. So this dissector is called after all other dissectors independent of port or ethertype. 
And how can I change values of a dissector at runtime? 

The best solution would be if I could call some function, or set some value, that disables the dissector by default, but that I can enable it by hand over the enable/disable protocol wizard.

In which configuration file are my preferences (which protocols are enabled/disabled) stored anyway? If that file already exists at installation time, we could probably change the entry of the PRP protocol to disabled.

Best regards
	Sven Meier


 ///////  |||   |||  ///|||  ///        Sven Meier
///////   |||   ||| /// ||| ///         Dipl.Ing. FH Informationstechnologie
   ///          |||///  |||///          Entwicklungsingenieur IEEE 1588
  ///           ||///   ||///           Institute of Embedded Systems 
 ///////  |||   |///    |///            Raum / Room InES TW 220
///////   |||   ///     ///             Postfach 805
                                        CH-8401 Winterthur
                                        Switzerland
 
Zuercher Hochschule Winterthur          Phone :    +41 (0)52 267 70 58
(University of Applied Sciences)        Fax   :    +41 (0)52 268 70 58
Mitglied der Zuercher Fachhochschule    msv@xxxxxxxx
 

-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Stephen Fisher
Gesendet: Donnerstag, 31. Mai 2007 21:38
An: Developer support list for Wireshark
Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector

A common method to disable a dissector is to register it with a 0 value 
for the port/ethertype and have a preference where this can be changed 
from a value other than 0.

On Tue, May 29, 2007 at 09:51:30AM +0800, Jeff Morriss wrote:
> 
> Oops, overlooked this one.  Any idea *how*?
> 
> (I'm terribly busy these days so not much time to research it.)
> 
> Stephen Fisher wrote:
> > Let's disable it by default to avoid the overhead of checking every 
> > packet.
> > 
> > On Mon, Apr 16, 2007 at 05:53:19PM +0800, Jeff Morriss wrote:
> >> Hi list,
> >>
> >> What do you think--how should we go about this?
> >>
> >> -J
> >>
> >> Glattfelder Christoph (glc) wrote:
> >>> Hello Jeff
> >>>
> >>> Unfortunately, a frame must be searched for the trailer to 
> >>> recognize it as PRP frame. But I see no problem to have it 
> >>> disabled by default.
> >>>
> >>>
> >>> Best regards
> >>>
> >>> Christoph Glattfelder
> >>>
> >>> Z??rcher Hochschule Winterthur
> >>> Institute of Embedded Systems - InES
> >>>
> >>> Technikumstrasse 9
> >>> Postfach 805
> >>> CH-8401 Winterthur
> >>> Tel. +41(0)52 260 69 74
> >>>
> >>> christoph.glattfelder@xxxxxxxx
> >>>
> >>>
> >>> -----Urspr??ngliche Nachricht-----
> >>> Von: Jeff Morriss [mailto:jeff.morriss@xxxxxxxxxxx] 
> >>> Gesendet: Montag, 16. April 2007 10:26
> >>> An: Developer support list for Wireshark; Glattfelder Christoph (glc)
> >>> Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
> >>>
> >>>
> >>>
> >>> Meier Sven (msv) wrote:
> >>>> This is a dissector for the Parallel Redundancy Protocol (PRP) defined 
> >>>> in chapter 6 of the IEC 62439.
> >>>>
> >>>> PRP uses two independent networks in parallel and allows redundancy 
> >>>> without switchovers.
> >>>>
> >>>> The protocol is sending Mac multicast messages with Ethertype 0x88fb. In 
> >>>> addition to that it adds to every Ethernet frame a 4 byte trailer before 
> >>>> the FCS. The trailer is detected by checking a size field and an 
> >>>> identifier which are part of the trailer. Therefore, if the last 4 bytes 
> >>>> of a frame match a correct trailer they get interpreted as a trailer, 
> >>>> although it was probably not a real one.
> >>> Is there some way to know if the trailer is going to be there without 
> >>> searching for it?  As it is, registered as a postdissector (didn't even 
> >>> know those existed until now), this dissector will get called for every 
> >>> frame--which seems a bit excessive to me.
> >>>
> >>> If there's no way to know ahead of time, maybe this dissector should be 
> >>> disabled by default, though I'm not sure how to best go about doing that.
> >>>
> >>>
> >> _______________________________________________
> >> Wireshark-dev mailing list
> >> Wireshark-dev@xxxxxxxxxxxxx
> >> http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > 
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

Attachment: prp_patch.gz
Description: prp_patch.gz

Attachment: prp_frames.cap
Description: prp_frames.cap

References:
- Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
  - From: Meier Sven (msv)

Prev by Date: Re: [Wireshark-dev] AMQP dissector patch
Next by Date: [Wireshark-dev] Howto unregister a dissector?
Previous by thread: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
Next by thread: Re: [Wireshark-dev] Implementation of Morphing Display filters on the fly ....
Index(es):
- Date
- Thread