Wireshark-bugs: [Wireshark-bugs] [Bug 8644] New Dissector - SEL RTAC (Real Time Automation Contr
Comment # 8
on bug 8644
from Chris Bontje
All,
I've applied all the suggestions from Pascal and Guy and have shifted the
dissector over to utilizing a 'custom' DLT with user config parameters for the
payload protocol. I have currently dummied out my Wireshark build to use
DLT-170 (it was a free one) and have tested with dnp3 and selfm packet types.
I did submit a request to the tcpdump group and we'll see when they come back.
I got hung up for awhile on initially only calling the payload sub-dissectors
within the rtacser "if (tree) {" statement, but I got that nut cracked this
morning. Now the appropriate sub-dissector is also called during the first
pass dissection before the tree is drawn as it normally would be with the
DLT_USER parameters. DNP3 and SELFM in particular depend on this for
conversation setup and other configuration information that is only gathered on
the first pass.
I'll attach the revised packet-rtacser.c file as well as some hacked selfm and
dnp3 pcap files that are using DLT 170. If you want to try it out on your
build, just make an appropriate entry for the definition of
WTAP_ENCAP_RTACSERIAL tying it to DLT 170 in wiretap\pcap-common.c
Michael - Modbus RTU serial dissection support is included in here but I don't
know that a custom DLT could be used to detect that particular protocol (as
opposed to DNP3, etc) because the serial pcap file generation process itself
doesn't necessarily have any identification of the type of payload data being
transferred.
Thanks to all for the suggestions and support.
Chris
You are receiving this mail because:
- You are watching all bug changes.
