Wireshark-dev: Re: [Wireshark-dev] BinPAC with Wireshark

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 2 Apr 2019 22:58:50 -0700

On Apr 1, 2019, at 7:23 PM, Joey Lord <joeylord@xxxxxxxxx> wrote:

> I was wondering if anyone was successful using BinPAC for doing a Wireshark dissector? I know Robin Sommer kind of made a wink to the idea where his tool, BinPAC++, could perhaps be used for Wireshark (https://www.zeek.org/brocon2014/brocon2014_sommer_binpac.pdf). Interested to know your thoughts on the matter.

BinPAC++ was renamed to Spicy, and its home appears to be at

	http://www.icir.org/hilti/

They link to a paper that speaks of a Wireshark plugin:

	We have integrated Spicy into Wireshark by developing a proof-of-concept Wireshark dissector plugin that works with any Spicy module. Figure 9 shows a screenshot of Spicy’s DNS dissector operating inside Wireshark. At startup, our plugin compiles Spicy modules just-in-time, and then extracts names and attributes of all top-level units using Spicy’s introspection API. Spicy dissectors can convey their well-known ports to a host application by defining a %ports unit property. Our Wireshark plugin registers them accordingly with the Wireshark core, so that it receives control for corresponding packets. For each packet, it executes the unit’s dissector function and then iterates over the resulting attributes, adding each to the GUI’s tree display. Currently, our Wireshark plugin supports UDP protocols; extending it further would just require interfacing appropriately with more of Wireshark’s dissector API.

but I don't see any sign of anything related to Wireshark in the source code in their repository, so I don't know whether the source for their proof of concept is available or not.

For what it's worth, the last checkin for the Hilti repository mirror on GitHub:

	https://github.com/rsmmr/hilti

is about 1 1/2 years ago.