Wireshark-dev: Re: [Wireshark-dev] An iSCSI expert system for wireshark
From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Tue, 19 Jan 2010 18:17:43 -0800
On Tue, Jan 19, 2010 at 6:13 PM, jimmy wang <jimmy.tianjin@xxxxxxxxx> wrote:
> Hi core developer,
>          I’m a member of Inventec Tianjin Company. We write an iSCSI expert
> system based on wireshark. The main features of the system include:
> 1. An iscsi PDU analyzing expert system with about 50 rules. The system can
> detect protocol error like StatSN less than ExpStatSN, Login response CSG
> bad value, etc.
> 2. An enhanced iscsi dissector which based on packet-iscsi.c
> 3. An iscsi expert information dialog which displays the expert system
> detecting result, iscsi session/connection topology tree and iscsi
> parameters.
> 4. An iscsi flow dialog which displays the iscsi PDU sequence, iscsi
> session/connection topology tree and iscsi statistics information.
> The attachments are the snapshot of the expert information dialog and iscsi
> flow dialog.
> The expert system include the follow source file:
> 1. Epan\dissectors\Packet-iscis.c         - enhanced iscsi dissector
> 2. Epan\dissectors\iscsiexpert-rules.c          - included by packet-iscsi.c
> for expert system rules
> 3. Gtk\iscsiexpert_dlg.c        - expert information dialog
> 4. Gtk\iscsiexpert_stat.c      - iscsi flow dialog
> We want our dissector and dialog be included in the main wireshark
> distribution. Could you please give me some suggestion:
> 1. Is it possible?
> 2. May we just send a patch based on packet-iscsi.c or we need send a new
> file named packet-iscsiexpert.c for the iscsi dissector? If use
> packet-iscsiexpert.c, we need add a new protocol iscsi[E] and need enable
> iscsi[E] and disable iscsi manually.
> Thanks for your time.

Hmmm, this is interesting.

Can you send it to me please ... I have been wanting to do some work
on the iSCSI dissector for a while, and this sounds interesting.

-- 
Regards,
Richard Sharpe