Wireshark-dev: Re: [Wireshark-dev] Siemens S7Comm-Plus protocol support

From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 19 Aug 2021 00:52:35 -0700
On Aug 18, 2021, at 11:16 PM, Brett D. Rasmussen via Wireshark-dev <wireshark-dev@xxxxxxxxxxxxx> wrote:

> I have a question regarding support for the Siemens "s7comm-plus" protocol.
>
> I'm currently running Wireshark 3.4.7 on a Mac system.  (3.4.7 is the latest version on the Mac)

It's the latest version everywhere, although some Linux distributions/*BSD ports or packages/etc. might not yet have the latest version (unlike Windows and macOS, where we produce our own builds of the latest release).

> My copy of Wireshark does not yet include the "s7comm-plus" dissector/plugin.

It's not yet part of Wireshark, so you won't get it with a standard release.
 
> Another developer, out on SourceForge.com, has indicated that Wireshark plugin support for the "s7comm-plus" is available out on SourceForge here:
>   https://sourceforge.net/projects/s7commwireshark/
> 
> Will support for the "s7comm-plus" protocol be added to the pre-compiled Wireshark download at some point in the future?

Whether a given protocol will be added in a future release is determined by whether somebody takes the time to add it or not; we don't have roadmaps that add particular protocols to particular releases.

One of us could take the current version of the plugin and incorporate it into Wireshark, but that wouldn't guarantee that later updates from its developer would get into Wireshark.  The most recent commit was a month ago, so it's still being actively developed, which means that grabbing a snapshot and incorporating it into Wireshark might not be the right way to do this.

Thomas, is there any reason not to incorporate this into the regular Wireshark release?  It'd mean you wouldn't have to build Windows binaries and offer them for releases that include it, and would make it easier for non-Windows users to analyze those packets, as they wouldn't have to compile it as a plugin and install it themselves.  It appears to be licensed under the GPLv2, so there are no licensing issues that I can think of.

> Or, is there a method for adding s7comm-plus support to my current Wireshark installation?

You could:

	go to the code tab at https://sourceforge.net/p/s7commwireshark/code/HEAD/tree/;

	clone the repository;

	download the Wireshark 3.4.7 source, so the Wireshark header files are available, if you haven't done so already;

	run the tools/macos-setup.sh script in the Wireshark source tree, so the header files for the support libraries are available, if you haven't done so already;

	make sure you have Xcode installed;

	build it;

	install it in the appropriate directory;

but we don't have a tutorial on doing that, so you'd have to figure it out yourself or keep asking questions.