Wireshark mailing list archives

Re: Wireshark - a slight improvement of STP dissector


From: Guy Harris <guy () alum mit edu>
Date: Thu, 19 Aug 2010 19:33:16 -0700


On Aug 19, 2010, at 2:09 PM, Peter Palúch wrote:

> Greetings,

Questions such as this should be sent to wireshark-dev () wireshark org, not to particular people on that list.  
There's no guarantee that a particular person on the list would have the answer, or would give the best answer by 
themselves.

> I am trying to make an addition to the STP BPDU dissector in Wireshark, in particular, adding the decoding of an
> extra field at the very end of Cisco PVST+/RPVST+ BPDUs that contains the VLAN ID to which the BPDU belongs (this
> value is used by Cisco to detect native VLAN mismatches).
>
> However, this is the first time I am trying to add new code to Wireshark, and I am still only getting familiar
> with the API.
>
> I would like to ask if there is a recommended way to ask for the LLC/SNAP Ethernet header values in the
> packet-bpdu.c dissector.

No, but there's a recommended way to solve this problem:

Have separate dissectors for STP/RSTP and PVST+/RPVST+, but have those dissectors do all their work by calling a common 
routine, which does all the dissection, and which takes an additional gboolean argument to indicate whether this is 
regular STP or PVST+.  Register the PVST+/RPVST+ dissector in the "llc.cisco_pid" dissector table with the PID 0x010b.

> The extra BPDU field with the originating VLAN is present only in PVST+/RPVST+ frames (SNAP OUI: 0x00000c, SNAP PID:
> 0x010b) and I need to verify that type before trying to decode the field. I was looking on the packet_info structure
> but it did not seem to carry any similar information into the BPDU dissector.
>
> I am very thankful for any suggestion!

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
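
The structure suggested in the reply above, modelled as stand-alone C. This is an added example, not code from the message or from Wireshark's packet-bpdu.c: the table, type and function names and the sample bytes are constructed, and it assumes the VLAN ID occupies the final two bytes of the frame, big-endian.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define CISCO_PID_PVST 0x010b /* SNAP PID for PVST+/RPVST+, from the thread */
#define BPDU_MIN_LEN   4      /* protocol id (2) + version (1) + type (1) */

typedef struct { bool is_pvst; bool has_vlan; uint16_t vlan; } bpdu_info;
typedef int (*dissector_fn)(const uint8_t *buf, size_t len, bpdu_info *out);

/* Common routine: all decoding lives here; is_pvst enables the extra field. */
static int dissect_bpdu_common(const uint8_t *buf, size_t len, bool is_pvst,
                               bpdu_info *out)
{
    if (buf == NULL || out == NULL || len < BPDU_MIN_LEN)
        return -1;
    out->is_pvst = is_pvst;
    out->has_vlan = false;
    out->vlan = 0;
    if (is_pvst) {
        /* Assumed layout: VLAN ID in the last two bytes. Check the length
         * first so a truncated frame never causes an out-of-bounds read. */
        if (len < BPDU_MIN_LEN + 2)
            return -1;
        out->vlan = (uint16_t)((buf[len - 2] << 8) | buf[len - 1]);
        out->has_vlan = true;
    }
    return 0;
}

/* Thin entry points: one for plain STP/RSTP, one for PVST+/RPVST+. */
int dissect_bpdu(const uint8_t *b, size_t n, bpdu_info *o)
{ return dissect_bpdu_common(b, n, false, o); }
int dissect_bpdu_pvst(const uint8_t *b, size_t n, bpdu_info *o)
{ return dissect_bpdu_common(b, n, true, o); }

/* Stand-in for the "llc.cisco_pid" dissector table: PID -> dissector. */
static const struct { uint16_t pid; dissector_fn fn; } cisco_pid_table[] = {
    { CISCO_PID_PVST, dissect_bpdu_pvst },
};

dissector_fn lookup_cisco_pid(uint16_t pid)
{
    for (size_t i = 0; i < sizeof cisco_pid_table / sizeof cisco_pid_table[0]; i++)
        if (cisco_pid_table[i].pid == pid)
            return cisco_pid_table[i].fn;
    return NULL; /* unknown PID: no dissector registered */
}

/* Constructed sample frame (not a real capture); trailing bytes = VLAN 100. */
const uint8_t sample_frame[] = { 0x00, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, 0x64 };
```

The dissector never inspects the LLC/SNAP header itself: the PID lookup picks the entry point, and the flag tells the common routine whether the trailing field may be read.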
