Hello all,
I am new to development w.r.t. Wireshark though I have been
a user for years. The question is, what are the rules/guidelines regarding
protocol support from a standards perspective? Must a protocol meet a certain
threshold before it can be included as part of “official”
Wireshark? I browsed the documentation, Wiki and mailing list archive a bit and
could find no good guidance on when a protocol should be included in the
distribution and what the rules are for a protocol that becomes obsolete.

A little color and an example. I am working on a toolset that
builds on top of a neat little tool called Scapy (http://www.secdev.org/projects/scapy/).
As part of that toolset, I am developing additional classes to extend Scapy for
select protocols. Naturally, after I construct my packets I want to inspect
them on the wire and Wireshark provides that capability. While extending Scapy,
I investigate a particular protocol and write my packet class based on the latest
definition of said protocol. I have discovered that sometimes Ethereal, er, I
mean Wireshark, cannot decode or incorrectly decodes a particular protocol. For
those it cannot decode I have found enough info so as to be able to write a new
dissector. For those that are not correct, I have been able to identify flaws
in both my Scapy packet classes and/or particular dissectors.

As an example, the IGMP dissector (packet-igmp.c) has a few
associated dissectors (MRDisc, MSNIP, IGAP). The dissector for Multicast
Discovery protocol is based on draft 6 (draft-ietf-idmr-igmp-mrdisc-06.txt) of
a proposal while the protocol has advanced to RFC status (RFC 4286). I would
like to update the MRD dissector and submit it back but what should I do with
the old (and now obsolete) frame definitions? I think removal is appropriate
but I would appreciate guidance on the subject. Also, what about those drafts
that just die (MSNIP and IGAP)? I think it is appropriate to remove those. What
does the community think? Should there be a set of guidelines to define the
lifetime of a dissector?

My apologies if this has been addressed previously.

David Sips
LVL7 Systems, Inc.
Software Engineer