Wireshark · Wireshark-dev: Re: [Wireshark-dev] New dissector proposed: WakeOnLAN

["Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>]

Hmm, now that I think about it, in this case, I think it was purposely not registered.  By design, the WOL MagicPacket can occur in any frame.  If WOL was registered with Ethertype 0x0842, that would not have solved the problem of being able to remotely wake up a host over an arbitrary network connection.  Take IP for instance, (Ethertype 0x0800), IPX (Ethertype 0x8137), IPv6 (0x86DD), ... the Magic Packet could reside in all of them and a properly designed Ethernet controller would detect it, regardless of the Ethertype.  As far as I can tell, there's nothing special about 0x0842 and it just happens to be what the author of ether-wake chose to use - a wise decision IMO - but still not worth registering.
 
Because only the MagicPacket byte sequence is what counts, not the Ethertype, protocol, port number, etc., it makes it rather problematic to detect it in software.  If you want to be 100% sure of detecting a WOL packet in a Wireshark dissector, then you'd have to register that dissector with absolutely every other dissector Wireshark supports, and scan all bytes in every frame for the MagicPacket ... and you'd have to be sure that dissector gets to look at each frame before any other dissector gets a chance to look at it.  Somewhat ridiculous if you ask me.
 
Official registration aside, I think what you did was a good idea because, well, why not register - at least locally - for those types we know about, especially when the chance of a conflict is nil?  I should have read your comments in etypes.h.  Oops.  Apologies.
 
- Chris

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Stephen Fisher
Sent: Tue 11/6/2007 6:55 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] New dissector proposed: WakeOnLAN



On Tue, Nov 06, 2007 at 03:49:38PM -0500, Maynard, Chris wrote:

> I think it's fine to add the Wake on LAN entries to etypes.h, etc.,
> but just be aware that 0x0842 is not actually a registered ethertype
> (*yet*) with IANA (Refer to:
> http://www.iana.org/assignments/ethernet-numbers <http://www.iana.org/assignments/ethernet-numbers> ). 0x0842 is only what
> ether-wake uses for WOL traffic, but technically WOL is not dependent
> upon anything but specific byte sequences in the Ethernet frame's
> payload - at least in theory.  In reality of course, it makes
> practical sense to assign a specific ethertype, or udp port number, or
> ..., but there are no guarantees.  That said, I seriously doubt that
> there'll be a conflict with 0x0842 any time soon (as in my lifetime),
> but you never know, so I guess it's just something to keep in mind ...

Thanks for the heads up.  It is a shame when unregistered ethertypes are
used, but this isn't the first one Wireshark knows about.  I did put a
comment to this effect in the ETHERTYPE_WOL definition:

epan/etypes.h:

#ifndef ETHERTYPE_WOL
#define ETHERTYPE_WOL           0x0842 /* Wake on LAN.  Not offically registered
.. */
#endif

We can handle any future conflict when it comes along.


Steve





-----------------------------------------
This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.

<<winmail.dat>>