Wireshark-dev: Re: [Wireshark-dev] Extending the DHCP dissector

From: "Borz, John (IPG-Roseville R&D)" <john.borz@xxxxxx>
Date: Fri, 25 Sep 2009 22:43:36 +0000
How would the original bootp dissector be disabled?  

For now I'm pursuing the option of modifying the bootp dissector.  Looks like redistributing just the libwireshark.dll may work for in-house redistribution.

A more elegant solution through plugins would be nice though.

thanks,
John
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Maynard, Chris
Sent: Thursday, September 24, 2009 9:20 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Extending the DHCP dissector

It might be possible to:
1) Take the existing BOOTP dissector and make the entire thing into a
plugin, but change the name wherever it matters, such as with the
handoff and register functions, display filter fields, possibly
preferences, and whatever else to avoid name conflicts and the like.
2) Add your option, compile and distribute just your new bootp2.dll
3) Run Wireshark but disable the original bootp dissector.

DISCLAIMER: I've never done this nor do I know for certain if it can be
done or not, nor do I suspect it would be recommended to do this even if
it can be done.

> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Borz, John (IPG-Roseville R&D)
> Sent: Thursday, September 24, 2009 7:07 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Extending the DHCP dissector
> 
> My option is actually the NAP MS-SOH option with a vendor-specific SOH
> embedded.  I have the Wireshark development environment set up, and I've
> written a dissector for a custom protocol already.  I was just trying
> to minimize the distribution impact.  Sounds like I'll have to
> distribute the whole package.
> 
> thanks,
> John
> 
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> Sent: Thursday, September 24, 2009 3:26 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Extending the DHCP dissector
> 
> 
> On Sep 24, 2009, at 3:00 PM, Borz, John (IPG-Roseville R&D) wrote:
> 
> > That's what I was looking for.  I would like to extend a production
> > Wireshark installation to support decoding these options similar to
> > the new dissector DLL plugin model.  Is this possible with the
> > built-in dissectors?
> 
> The dissector plugin model allows a dissector to be plugged into any
> dissector table; this means that there already needs to be a dissector
> that registers that table.
> 
> Currently, the BOOTP dissector doesn't register any such table, so, as
> I said, there is currently no mechanism to do what you want to do.
> You would have to change the BOOTP dissector in order to do that; that
> would require you to get the Wireshark source, change it, compile it,
> and distribute that modified version of Wireshark, along with the
> plugin.
> 
> Wireshark 1.2 has a limited ability to support custom DHCP options
> without changing the code.  There is a "Custom BootP/DHCP Options"
> preference, which takes a string of the form
> 
> 	176,MyOption,string;242,NewOption,ipv4
> 
> i.e., a semicolon-separated list of options, where each option is a
> comma-separated list with:
> 
> 	option number - a value between 1 and 254
> 	option name - the name for the option
> 	option type:
> 
> 		string, for an option that's a character string;
> 		ipv4, for an option that's an IPv4 address;
> 		bytes, for an option that's an opaque blob of bytes.
> 
> If your option is more complicated than that, this feature cannot
> support it.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
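
The "Custom BootP/DHCP Options" preference format quoted above, as an added example that is not part of the original thread and is not Wireshark's own code: it validates a preference string against the rules stated in the message (number 1 to 254, a name, one of three types) and shows how each type would render a DHCP option value. The function names and the option bytes are constructed for illustration; how Wireshark itself handles whitespace or malformed entries is not covered by the thread and is not modelled here.

```python
import ipaddress

VALID_TYPES = ("string", "ipv4", "bytes")  # the three types named in the message

def parse_custom_options(pref):
    """Parse 'number,name,type;...' into {number: (name, type)}."""
    table = {}
    for entry in pref.split(";"):
        parts = entry.split(",")
        if len(parts) != 3:
            raise ValueError(f"expected number,name,type: {entry!r}")
        num, name, typ = parts
        if not (num.isascii() and num.isdigit() and 1 <= int(num) <= 254):
            raise ValueError(f"option number must be 1..254: {entry!r}")
        if not name or typ not in VALID_TYPES:
            raise ValueError(f"bad name or type: {entry!r}")
        table[int(num)] = (name, typ)
    return table

def decode_options(raw, table):
    """Walk DHCP option TLVs (code, length, value); render the custom ones."""
    shown, i = [], 0
    while i < len(raw) and raw[i] != 255:      # 255 = End option
        code = raw[i]
        if code == 0:                          # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"option {code} at offset {i} is truncated")
        value = raw[i + 2 : i + 2 + raw[i + 1]]
        i += 2 + len(value)
        if code not in table:
            continue                           # not a custom option
        name, typ = table[code]
        if typ == "ipv4" and len(value) == 4:
            text = str(ipaddress.IPv4Address(value))
        elif typ == "string":
            text = value.decode("ascii", errors="replace")
        else:                                  # bytes, or ipv4 of wrong length
            text = value.hex()
        shown.append((code, name, text))
    return shown

# Preference string from the message; the option bytes are constructed sample data.
PREF = "176,MyOption,string;242,NewOption,ipv4"
SAMPLE = bytes([176, 5]) + b"hello" + bytes([0, 242, 4, 192, 0, 2, 1, 255])

if __name__ == "__main__":
    for row in decode_options(SAMPLE, parse_custom_options(PREF)):
        print(row)
```

An option with internal structure, such as the vendor SOH discussed in the thread, can only be declared as `bytes` here and comes out as an undissected hex blob, which is the limitation the message points out.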