Wireshark-dev: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Wed, 27 Feb 2008 16:58:20 -0500

Hi Sven,

Sorry this got overlooked. (That's part of the reason we recently changed to putting patches/new dissectors in the bugs database.)

Anyway I have checked in your new dissector in rev 24493 (that will not make 0.99.8). In testing I did find it a bit annoying that the protocol disables itself each time it starts up, but until we find a Better Way this works without yielding a performance hit for everyone.

Would you mind adding a protocol description page to the Wiki (and put your sample capture on the SampleCaptures page--or would you mind if I do)?

Regards,
-Jeff

Meier Sven (msv) wrote:
Hi

Are there any further comments or wishes on that one?
If not, could someone add it to the repository? Thanks

Regards
	Sven

 ///////  |||   |||  ///|||  ///        Sven Meier
///////   |||   ||| /// ||| ///         Dipl.Ing. FH Informationstechnologie
   ///          |||///  |||///          Entwicklungsingenieur IEEE 1588
/// ||/// ||/// Institute of Embedded Systems /////// ||| |/// |/// Raum / Room InES TW 220
///////   |||   ///     ///             Postfach 805
                                        CH-8401 Winterthur
                                        Switzerland
Zuercher Hochschule Winterthur Phone : +41 (0)52 267 70 58
(University of Applied Sciences)        Fax   :    +41 (0)52 268 70 58
Mitglied der Zuercher Fachhochschule    msv@xxxxxxxx
-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Meier Sven (msv)
Gesendet: Montag, 11. Juni 2007 11:05
An: Developer support list for Wireshark
Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector ->now disabled by default

Hi

Finally I found the required function to disable the protocol by default.
So now the dissector is disabled by default, it can be enabled over the normal enable/disable protocol wizard.

Best regards
	Sven Meier

 ///////  |||   |||  ///|||  ///        Sven Meier
///////   |||   ||| /// ||| ///         Dipl.Ing. FH Informationstechnologie
   ///          |||///  |||///          Entwicklungsingenieur IEEE 1588
/// ||/// ||/// Institute of Embedded Systems /////// ||| |/// |/// Raum / Room InES TW 220
///////   |||   ///     ///             Postfach 805
                                        CH-8401 Winterthur
                                        Switzerland
Zuercher Hochschule Winterthur Phone : +41 (0)52 267 70 58
(University of Applied Sciences)        Fax   :    +41 (0)52 268 70 58
Mitglied der Zuercher Fachhochschule    msv@xxxxxxxx
-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Meier Sven (msv)
Gesendet: Freitag, 1. Juni 2007 10:27
An: Developer support list for Wireshark
Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector

The thing is, that not the "dissector_add" function but the "register_postdissector" function is the problem. So this dissector is called after all other dissectors independent of port or ethertype. And how can I change values of a dissector at runtime?
The best solution would be if I could call some function, or set some value, that disables the dissector by default, but that I can enable it by hand over the enable/disable protocol wizard.

In which configuration file are my preferences (which protocols are enabled/disabled) stored anyway? If that file already exists at installation time, we could probably change the entry of the PRP protocol to disabled.

Best regards
	Sven Meier


 ///////  |||   |||  ///|||  ///        Sven Meier
///////   |||   ||| /// ||| ///         Dipl.Ing. FH Informationstechnologie
   ///          |||///  |||///          Entwicklungsingenieur IEEE 1588
/// ||/// ||/// Institute of Embedded Systems /////// ||| |/// |/// Raum / Room InES TW 220
///////   |||   ///     ///             Postfach 805
                                        CH-8401 Winterthur
                                        Switzerland
Zuercher Hochschule Winterthur Phone : +41 (0)52 267 70 58
(University of Applied Sciences)        Fax   :    +41 (0)52 268 70 58
Mitglied der Zuercher Fachhochschule    msv@xxxxxxxx
-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Stephen Fisher
Gesendet: Donnerstag, 31. Mai 2007 21:38
An: Developer support list for Wireshark
Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector

A common method to disable a dissector is to register it with a 0 value for the port/ethertype and have a preference where this can be changed from a value other than 0.

On Tue, May 29, 2007 at 09:51:30AM +0800, Jeff Morriss wrote:
Oops, overlooked this one.  Any idea *how*?

(I'm terribly busy these days so not much time to research it.)

Stephen Fisher wrote:
Let's disable it by default to avoid the overhead of checking every packet.

On Mon, Apr 16, 2007 at 05:53:19PM +0800, Jeff Morriss wrote:
Hi list,

What do you think--how should we go about this?

-J

Glattfelder Christoph (glc) wrote:
Hello Jeff

Unfortunately, a frame must be searched for the trailer to recognize it as PRP frame. But I see no problem to have it disabled by default.


Best regards

Christoph Glattfelder

Z??rcher Hochschule Winterthur
Institute of Embedded Systems - InES

Technikumstrasse 9
Postfach 805
CH-8401 Winterthur
Tel. +41(0)52 260 69 74

christoph.glattfelder@xxxxxxxx


-----Urspr??ngliche Nachricht-----
Von: Jeff Morriss [mailto:jeff.morriss@xxxxxxxxxxx] Gesendet: Montag, 16. April 2007 10:26
An: Developer support list for Wireshark; Glattfelder Christoph (glc)
Betreff: Re: [Wireshark-dev] Parallel Redundancy Protocol (PRP) dissector



Meier Sven (msv) wrote:
This is a dissector for the Parallel Redundancy Protocol (PRP) defined in chapter 6 of the IEC 62439.

PRP uses two independent networks in parallel and allows redundancy without switchovers.

The protocol is sending Mac multicast messages with Ethertype 0x88fb. In addition to that it adds to every Ethernet frame a 4 byte trailer before the FCS. The trailer is detected by checking a size field and an identifier which are part of the trailer. Therefore, if the last 4 bytes of a frame match a correct trailer they get interpreted as a trailer, although it was probably not a real one.
Is there some way to know if the trailer is going to be there without searching for it? As it is, registered as a postdissector (didn't even know those existed until now), this dissector will get called for every frame--which seems a bit excessive to me.

If there's no way to know ahead of time, maybe this dissector should be disabled by default, though I'm not sure how to best go about doing that.