Wireshark-dev: Re: [Wireshark-dev] Extending the DHCP dissector

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 24 Sep 2009 15:26:02 -0700

On Sep 24, 2009, at 3:00 PM, Borz, John (IPG-Roseville R&D) wrote:

That's what I was looking for. I would like to extend a production Wireshark installation to support decoding these options similar to the new dissector DLL plugin model. Is this possible with the built-in dissectors?

The dissector plugin model allows a dissector to be plugged into any dissector table; this means that there already needs to be a dissector that registers that table.

Currently, the BOOTP dissector doesn't register any such table, so, as I said, there is currently no mechanism to do what you want to do. You would have to change the BOOTP dissector in order to do that; that would require you to get the Wireshark source, change it, compile it, and distribute that modified version of Wireshark, along with the plugin.

Wireshark 1.2 has a limited ability to support custom DHCP options without changing the code. There is a "Custom BootP/DHCP Options" preference, which takes a string of the form

	176,MyOption,string;242,NewOption,ipv4

i.e., a semicolon-separated list of options, where each option is a comma-separated list with:

	option number - a value between 1 and 254
	option name - the name for the option
	option type:

		string, for an option that's a character string;
		ipv4, for an option that's an IPv4 address;
		bytes, for an option that's an opaque blob of bytes.

If your option is more complicated than that, this feature cannot support it.