Wireshark-dev: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Thu, 31 May 2007 12:38:25 -0700
A common method to disable a dissector is to register it with a 0 value 
for the port/ethertype and have a preference where this can be changed 
from a value other than 0.

On Tue, May 29, 2007 at 09:51:30AM +0800, Jeff Morriss wrote:
> 
> Oops, overlooked this one.  Any idea *how*?
> 
> (I'm terribly busy these days so not much time to research it.)
> 
> Stephen Fisher wrote:
> > Let's disable it by default to avoid the overhead of checking every 
> > packet.
> > 
> > On Mon, Apr 16, 2007 at 05:53:19PM +0800, Jeff Morriss wrote:
> >> Hi list,
> >>
> >> What do you think--how should we go about this?
> >>
> >> -J
> >>
> >> Glattfelder Christoph (glc) wrote:
> >>> Hello Jeff
> >>>
> >>> Unfortunately, a frame must be searched for the trailer to 
> >>> recognize it as PRP frame. But I see no problem to have it 
> >>> disabled by default.
> >>>
> >>>
> >>> Best regards
> >>>
> >>> Christoph Glattfelder
> >>>
> >>> Z??rcher Hochschule Winterthur
> >>> Institute of Embedded Systems - InES
> >>>
> >>> Technikumstrasse 9
> >>> Postfach 805
> >>> CH-8401 Winterthur
> >>> Tel. +41(0)52 260 69 74
> >>>
> >>> christoph.glattfelder@xxxxxxxx
> >>>
> >>>
> >>> -----Urspr??ngliche Nachricht-----
> >>> Von: Jeff Morriss [mailto:jeff.morriss@xxxxxxxxxxx] 
> >>> Gesendet: Montag, 16. April 2007 10:26
> >>> An: Developer support list for Wireshark; Glattfelder Christoph (glc)
> >>> Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
> >>>
> >>>
> >>>
> >>> Meier Sven (msv) wrote:
> >>>> This is a dissector for the Parallel Redundancy Protocol (PRP) defined 
> >>>> in chapter 6 of the IEC 62439.
> >>>>
> >>>> PRP uses two independent networks in parallel and allows redundancy 
> >>>> without switchovers.
> >>>>
> >>>> The protocol is sending Mac multicast messages with Ethertype 0x88fb. In 
> >>>> addition to that it adds to every Ethernet frame a 4 byte trailer before 
> >>>> the FCS. The trailer is detected by checking a size field and an 
> >>>> identifier which are part of the trailer. Therefore, if the last 4 bytes 
> >>>> of a frame match a correct trailer they get interpreted as a trailer, 
> >>>> although it was probably not a real one.
> >>> Is there some way to know if the trailer is going to be there without 
> >>> searching for it?  As it is, registered as a postdissector (didn't even 
> >>> know those existed until now), this dissector will get called for every 
> >>> frame--which seems a bit excessive to me.
> >>>
> >>> If there's no way to know ahead of time, maybe this dissector should be 
> >>> disabled by default, though I'm not sure how to best go about doing that.
> >>>
> >>>
> >> _______________________________________________
> >> Wireshark-dev mailing list
> >> Wireshark-dev@xxxxxxxxxxxxx
> >> http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > 
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev