Wireshark mailing list archives
Re: Vendor-specific dissectors for 802.11
From: Michael Mann via Wireshark-dev <wireshark-dev () wireshark org>
Date: Sun, 13 Aug 2017 14:04:15 -0400
See https://code.wireshark.org/review/23065 It could probably use some review for "naming". I'm not familiar enough with the dissector to know if fields/dissector table name makes sense. In regards to not already having a dissector table, not all developers think about it, especially if there is only a case or two. Then a situation like yours comes along, and it gets changed. It also looks like "public fields" may need its own dissector table for vendor specific functionality too. -----Original Message----- From: Иван Николов <ivannikolov007 () gmail com> To: wireshark-dev <wireshark-dev () wireshark org> Sent: Sun, Aug 13, 2017 10:55 am Subject: [Wireshark-dev] Vendor-specific dissectors for 802.11 Hello, I'm working on a way to parse a vendor-specific packets IEEE 802.11 packets, in particular I want to analyze packet captures from ESP8266 (the ESP-NOW protocol). I wrote a proof-of-concept dissector for the protocol and edited the `epan/dissectors/packet-ieee80211.c` file and inserted my dissector manually in the `add_ff_action_vendor_specific` function then recompiled Wireshark from the modified source. While this did work for me, I can't help but feel like this is a problem that could be solved better - right now I have to recompile Wireshark from source on every release. The function I'm referencing has a `switch` statement for the OUI with 2 cases (OUI_MARVELL and OUI_WFA) and a default case, which has a comment "Don't know how to handle this vendor". I'd like to ask whether the community is interested in a patch, including another dissector table for that very purpose - allowing Wireshark users to write dissectors in Lua and to not have to patch C code in order to analyze traffic, containing unknown 802.11 vendor-specific data. I'm interested in implementing this functionality, but I'm unsure if I have the required knowledge of the inner workings of Wireshark. Moreover, I'm not sure if the decision to NOT include such a dissector table is intentional. I'm hoping someone can point me to the 'correct' way to solve the problem of dissectors for vendor specific data, or in case this is not currently possible, this post starts a discussion on the topic of whether this is needed in Wireshark and how to properly implement this at the architecte level. I previously asked a similar question in the ask.wireshark.org portal - https://ask.wireshark.org/questions/56816/ieee-80211-vendor-specific-action . It includes an example capture (relevant part starts at packet No. 587). Best regards, Ivan ___________________________________________________________________________Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>Archives: https://www.wireshark.org/lists/wireshark-devUnsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Vendor-specific dissectors for 802.11 Иван Николов (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Richard Sharpe (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Michael Mann via Wireshark-dev (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Richard Sharpe (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Alexis La Goutte (Aug 14)
- Re: Vendor-specific dissectors for 802.11 Richard Sharpe (Aug 13)
- Re: Vendor-specific dissectors for 802.11 Richard Sharpe (Aug 13)