Wireshark-dev: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector -> now disabled
From: "Meier Sven (msv)" <msv@xxxxxxxx>
Date: Mon, 11 Jun 2007 11:04:50 +0200
Hi Finally I found the required function to disable the protocol by default. So now the dissector is disabled by default, it can be enabled over the normal enable/disable protocol wizard. Best regards Sven Meier /////// ||| ||| ///||| /// Sven Meier /////// ||| ||| /// ||| /// Dipl.Ing. FH Informationstechnologie /// |||/// |||/// Entwicklungsingenieur IEEE 1588 /// ||/// ||/// Institute of Embedded Systems /////// ||| |/// |/// Raum / Room InES TW 220 /////// ||| /// /// Postfach 805 CH-8401 Winterthur Switzerland Zuercher Hochschule Winterthur Phone : +41 (0)52 267 70 58 (University of Applied Sciences) Fax : +41 (0)52 268 70 58 Mitglied der Zuercher Fachhochschule msv@xxxxxxxx -----Ursprüngliche Nachricht----- Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Meier Sven (msv) Gesendet: Freitag, 1. Juni 2007 10:27 An: Developer support list for Wireshark Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector The thing is, that not the "dissector_add" function but the "register_postdissector" function is the problem. So this dissector is called after all other dissectors independent of port or ethertype. And how can I change values of a dissector at runtime? The best solution would be if I could call some function, or set some value, that disables the dissector by default, but that I can enable it by hand over the enable/disable protocol wizard. In which configuration file are my preferences (which protocols are enabled/disabled) stored anyway? If that file already exists at installation time, we could probably change the entry of the PRP protocol to disabled. Best regards Sven Meier /////// ||| ||| ///||| /// Sven Meier /////// ||| ||| /// ||| /// Dipl.Ing. FH Informationstechnologie /// |||/// |||/// Entwicklungsingenieur IEEE 1588 /// ||/// ||/// Institute of Embedded Systems /////// ||| |/// |/// Raum / Room InES TW 220 /////// ||| /// /// Postfach 805 CH-8401 Winterthur Switzerland Zuercher Hochschule Winterthur Phone : +41 (0)52 267 70 58 (University of Applied Sciences) Fax : +41 (0)52 268 70 58 Mitglied der Zuercher Fachhochschule msv@xxxxxxxx -----Ursprüngliche Nachricht----- Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Stephen Fisher Gesendet: Donnerstag, 31. Mai 2007 21:38 An: Developer support list for Wireshark Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector A common method to disable a dissector is to register it with a 0 value for the port/ethertype and have a preference where this can be changed from a value other than 0. On Tue, May 29, 2007 at 09:51:30AM +0800, Jeff Morriss wrote: > > Oops, overlooked this one. Any idea *how*? > > (I'm terribly busy these days so not much time to research it.) > > Stephen Fisher wrote: > > Let's disable it by default to avoid the overhead of checking every > > packet. > > > > On Mon, Apr 16, 2007 at 05:53:19PM +0800, Jeff Morriss wrote: > >> Hi list, > >> > >> What do you think--how should we go about this? > >> > >> -J > >> > >> Glattfelder Christoph (glc) wrote: > >>> Hello Jeff > >>> > >>> Unfortunately, a frame must be searched for the trailer to > >>> recognize it as PRP frame. But I see no problem to have it > >>> disabled by default. > >>> > >>> > >>> Best regards > >>> > >>> Christoph Glattfelder > >>> > >>> Z??rcher Hochschule Winterthur > >>> Institute of Embedded Systems - InES > >>> > >>> Technikumstrasse 9 > >>> Postfach 805 > >>> CH-8401 Winterthur > >>> Tel. +41(0)52 260 69 74 > >>> > >>> christoph.glattfelder@xxxxxxxx > >>> > >>> > >>> -----Urspr??ngliche Nachricht----- > >>> Von: Jeff Morriss [mailto:jeff.morriss@xxxxxxxxxxx] > >>> Gesendet: Montag, 16. April 2007 10:26 > >>> An: Developer support list for Wireshark; Glattfelder Christoph (glc) > >>> Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector > >>> > >>> > >>> > >>> Meier Sven (msv) wrote: > >>>> This is a dissector for the Parallel Redundancy Protocol (PRP) defined > >>>> in chapter 6 of the IEC 62439. > >>>> > >>>> PRP uses two independent networks in parallel and allows redundancy > >>>> without switchovers. > >>>> > >>>> The protocol is sending Mac multicast messages with Ethertype 0x88fb. In > >>>> addition to that it adds to every Ethernet frame a 4 byte trailer before > >>>> the FCS. The trailer is detected by checking a size field and an > >>>> identifier which are part of the trailer. Therefore, if the last 4 bytes > >>>> of a frame match a correct trailer they get interpreted as a trailer, > >>>> although it was probably not a real one. > >>> Is there some way to know if the trailer is going to be there without > >>> searching for it? As it is, registered as a postdissector (didn't even > >>> know those existed until now), this dissector will get called for every > >>> frame--which seems a bit excessive to me. > >>> > >>> If there's no way to know ahead of time, maybe this dissector should be > >>> disabled by default, though I'm not sure how to best go about doing that. > >>> > >>> > >> _______________________________________________ > >> Wireshark-dev mailing list > >> Wireshark-dev@xxxxxxxxxxxxx > >> http://www.wireshark.org/mailman/listinfo/wireshark-dev > > _______________________________________________ > > Wireshark-dev mailing list > > Wireshark-dev@xxxxxxxxxxxxx > > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-dev
Attachment:
prp_patch.gz
Description: prp_patch.gz
Attachment:
prp_frames.cap
Description: prp_frames.cap
- References:
- Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
- From: Meier Sven (msv)
- Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
- Prev by Date: Re: [Wireshark-dev] AMQP dissector patch
- Next by Date: [Wireshark-dev] Howto unregister a dissector?
- Previous by thread: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
- Next by thread: Re: [Wireshark-dev] Implementation of Morphing Display filters on the fly ....
- Index(es):