Wireshark-dev: Re: [Wireshark-dev] modifying the eth-dissector

From: Pascal Heude <pascalheude@xxxxxxxxxxx>
Date: Tue, 25 Mar 2008 21:47:27 +0100
Hi Valentin,

I already developed 2 Wireshark plugins (dll) to dissect AFDX payloads included in A380 CMS messages (System Identification Data and Normal Mode). These 2 plugins are below UDP (like any other AFDX payload) and I use the UDP port number (constant for SID and NM) to call the function dissector_add. Of course, I agree that you should look at the VL number which is in the destination MAC address. But, to simplify your plugin (as I did), you could do it the same way I did, based on the UDP port.

Regards.

Pascal

valentin.ecker@xxxxxxxxxx wrote:

Hi all,

I would like to write a new dissector for Wireshark... but I'm stuck at some points:

My protocol is based on the ARINC AFDX standard which is (more or less) based on Ethernet II frames at layer 2. The difference to this frame type is the MAC-Dest/Source-Address, where a certain address space is defined in advance to recognize the AFDX frames. This ensures that any COTS Ethernet controller can ignore such type of frames, but special devices (such as switches and controllers) recognize them. Anyway... I think any other protocol details would go too far...

My problem is the following now:
I have to inspect the MAC addresses and - if a special address is given - forward them to my own dissector which dissects further layers. The most obvious thing for me would be to modify the "packet-eth" and branch off there for the next layers (as it is already done with the Cisco ISL frames).
What do you think?

Unfortunately I would prefer a plugin dll instead of compiling the whole source. I think I would have to exchange the whole eth-dissector with my own one residing in the plugin directory... would that be possible, or is there a better solution?

Another problem is that the address space is defined by a configuration file (an XML file), and must be read at least at every startup of Wireshark. Where do you think would be a nice place in the Wireshark directory for such a file to be read? I was thinking of: "Read file if there is one, otherwise handle AFDX frames like Ethernet II ones".

Thanks a lot for your help!
Valentin

_______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-dev
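
The destination-MAC check discussed in this thread, as an added example that is not part of the original posts and is not Wireshark code: it classifies a frame by a configured MAC prefix, extracts the VL number, and falls back to Ethernet II when no configuration is loaded. All names are hypothetical, and the layout used (a 4-byte constant field `03:00:00:00` followed by a 16-bit VL number) is an assumption, since the thread says the real address space comes from a configuration file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14   /* dst MAC (6) + src MAC (6) + EtherType (2) */

/* Hypothetical types and names; none of this is Wireshark API. */
typedef struct {
    uint8_t prefix[4];   /* constant field of AFDX destination MACs (assumed) */
    int     loaded;      /* 0 = no configuration file was found */
} afdx_cfg;

typedef enum { FRAME_TRUNCATED = -1, FRAME_ETH2 = 0, FRAME_AFDX = 1 } frame_kind;

/* Classify a captured frame by destination MAC; on FRAME_AFDX store the VL. */
frame_kind afdx_classify(const afdx_cfg *cfg, const uint8_t *frame,
                         size_t caplen, uint16_t *vl)
{
    if (frame == NULL || caplen < ETH_HDR_LEN)
        return FRAME_TRUNCATED;        /* never read past the captured bytes */
    if (cfg == NULL || !cfg->loaded)
        return FRAME_ETH2;             /* no config: handle as plain Ethernet II */
    if (memcmp(frame, cfg->prefix, sizeof cfg->prefix) != 0)
        return FRAME_ETH2;             /* outside the configured address space */
    if (vl != NULL)
        *vl = (uint16_t)((frame[4] << 8) | frame[5]);   /* big-endian VL number */
    return FRAME_AFDX;
}

/* Constructed sample data: two 14-byte Ethernet headers and one config. */
static const uint8_t sample_afdx[ETH_HDR_LEN] = {
    0x03, 0x00, 0x00, 0x00, 0x01, 0x2c,  0x02, 0x00, 0x00, 0x01, 0x01, 0x20,  0x08, 0x00 };
static const uint8_t sample_eth[ETH_HDR_LEN] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,  0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee,  0x08, 0x00 };
static const afdx_cfg sample_cfg = { { 0x03, 0x00, 0x00, 0x00 }, 1 };

int main(void)
{
    uint16_t vl = 0;
    frame_kind k = afdx_classify(&sample_cfg, sample_afdx, sizeof sample_afdx, &vl);
    printf("first frame:  kind=%d vl=%u\n", (int)k, (unsigned)vl);
    k = afdx_classify(&sample_cfg, sample_eth, sizeof sample_eth, &vl);
    printf("second frame: kind=%d\n", (int)k);
    return 0;
}
```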