Re: Syncthing protocol dissector

[Richard Sharpe <realrichardsharpe () gmail com>]

On Mon, Feb 28, 2022 at 11:53 AM Tmore1 <tmore1 () gmx com> wrote:
> Hi,
>
> Thank you. I understand that only C dissectors are distributed with
> Wireshark - in my message, I asked whether the project would be
> interested in my reimplementing it in C.

Yes. If needed I can help you shepherd the changes into the repository.

> The Syncthing protocols are a mixture of protobufs and ordinary fields.
> I assumed that the way to write such a dissector is by writing a
> protocol specific dissector, and then calling the protobuf dissector
> with a subset of the tvb. That's what I did in Lua, and that's what I
> suppose I would do in C. Is this the right approach?

That sounds correct to me.

> On Mon, 28 Feb 2022 10:20:01 +0100
> Alexis La Goutte <alexis.lagoutte () gmail com> wrote:
>
> > Hi Thomas,
> >
> > We don't accept LUA dissector on source code
> >
> > But there is now a protobuff dissector on Wireshark and i think it will not
> > be complicated to add this protocol.
> >
> > Cheers
> >
> >
> > On Sun, Feb 27, 2022 at 5:39 AM Tmore1 <tmore1 () gmx com> wrote:
> >
> > > Hello,
> > >
> > > Several years ago, there was some discussion on this list about a
> > > Syncthing protocol dissector:
> > >
> > > https://www.wireshark.org/lists/wireshark-dev/201811/msg00017.html
> > >
> > > AFAICT, there still doesn't seem to be one. I'm new to Wireshark
> > > internals (and pretty new to Wireshark externals, as well ;)), but I
> > > thought I'd try my hand at writing one. I starting by writing a Lua
> > > dissector for one of the Syncthing protocols:
> > >
> > > https://github.com/tmo1/wireshark-syncthing-dissector
> > >
> > > and it seems to work. If I'm not too daunted by trying to reimplement
> > > it in C, would this be something of interest to the project?
> > >
> > > Thomas
> > > ___________________________________________________________________________
> > > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> > >              mailto:wireshark-dev-request () wireshark org
> > > ?subject=unsubscribe
>
>
> --
> Tmore1 <tmore1 () gmx com>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe