Wireshark-bugs: [Wireshark-bugs] [Bug 8089] New: New Dissector - SEL (Schweitzer Engineering Lab
Date: Thu, 13 Dec 2012 23:29:46 +0000
Bug ID: 8089
Summary: New Dissector - SEL (Schweitzer Engineering Laboratories) Fast Message
Classification: Unclassified
Product: Wireshark
Version: 1.9.x (Experimental)
Hardware: x86
OS: Windows 7
Status: UNCONFIRMED
Severity: Enhancement
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: cbontje@gmail.com

Created attachment 9691
SEL Fast Messaging Dissector

Build Information:
Version 1.9.0-SELFM (SVN Rev Unknown from unknown)

Copyright 1998-2012 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.10, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.2, with WinPcap (4_1_2), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Dec 13 2012), with AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Testing based off current SVN tree retrieved on 12/13/2012.

This is a dissector I've been working on a while for internal use at our
company, but I hope to have it submitted to the project so it can be included
in the standard build.  It is for dissecting SEL Fast Message traffic; here is
a write-up from the source header:

***********
Schweitzer Engineering Labs manufactures and sells digital protective relay
equipment for use in industrial high-voltage installations.  SEL FM protocol
evolved over time as a (semi)proprietary method for auto-configuration of
connected SEL devices for retrieval of analog and digital status data.  The
protocol itself supports embedded binary messages (which are what this
dissector looks for) slip-streamed in the data stream with normal ASCII text
data.  A combination of both is used for full auto-configuration of devices,
but a wealth of information can be extracted from the binary messages alone.
************

I have added in support for all message types and function codes I could find
in existing packet captures, some representing serial data streams
(dissectable by use of DLT_USER) and others Telnet-encapsulated equivalents.
The protocol does follow a defined format, typically outlined in the appendixes
of the equipment manuals, as well as in Application Guides and Notes available
on www.selinc.com.

I will attach the complete source file (packet-selfm.c) and leave it to
whoever wants to review to add into their compilation tree.  I have tried to
follow all programming practices outlined in the standards guides but I'm sure
many things can be improved if the dissector is to be entered into the general
source tree.  Many caveats remain towards ensuring the dissector has 100%
compatibility (some notes of outstanding issues are in the source header), but
I wanted to contribute so the file can be maintained along with the normal
source tree.

I will attach a number of packet capture samples; these all had 10 rounds of
fuzz testing run against them with no issues.

