Wireshark mailing list archives

Re: [RFC] Vendor-specific dissector extension for EtherNet/IP


From: Michael Mann via Wireshark-dev <wireshark-dev () wireshark org>
Date: Tue, 29 Aug 2017 15:34:29 -0400



The answer depends on exactly what you are trying to do; some things will be easier than others.
 
1. If you want to add vendor specific objects, that can easily be done in Lua because there is a dissector table that 
you can just register your vendor specific class with ("cip.class.iface").  There should be numerous examples of Lua 
using a dissector table (just not specifically for CIP).
2. There is no support currently for "classless" service codes (like those used in Rockwell Automation PLCs), which is 
what https://www.wireshark.org/lists/ethereal-dev/200601/msg00174.html appears to be talking about.
2. If you want to add vendor specific services to already supported objects, that would be more difficult to do in Lua 
because there isn't a dissector table hook for them.  I'm not sure there would be a way to handle the "general" case of 
registering service + class into a dissector table, but you could add dissector tables (patching packet-cip.c) for 
specific objects (Identity, ConnectionManager, etc) and submit just that part as a patch for inclusion in base 
Wireshark code.
3. Vendor specific attributes of an object would have the same difficulty in Lua and would need dissector tables.
4. I believe Lua will "override" any value registered to a dissector table, so you could write the "vendor specific" 
portion, for say the Identity object, but then you'd have to duplicate all of the dissection currently being done for 
it in your Lua script.
5. Also note that not all "open" objects are supported in packet-cip.c.  It would be appreciated, if you added 
dissection for any of those, that you provide a patch for integration here: https://code.wireshark.org/review (see 
https://wiki.wireshark.org/Development/SubmittingPatches for more details).  If you're more familiar with Lua than C, 
you can put the Lua script here: https://wiki.wireshark.org/Contrib, but I'd probably end up taking it and converting 
it to C.
 
 
-----Original Message-----
From: Samuel Groot <groot.samuel () gmail com>
To: wireshark-dev <wireshark-dev () wireshark org>
Sent: Tue, Aug 29, 2017 10:20 am
Subject: [Wireshark-dev] [RFC] Vendor-specific dissector extension for EtherNet/IP

Hi,

I am considering writing a chained dissector in lua to support some vendor-specific classes, services and attributes 
for EtherNet/IP.

After digging around on google or ask.wireshark.org, I couldn't find anything that would fit my needs 
(except this[1], but it's more than 10 years old), so I'm coming to you to have maybe some advice.

Vendor-specifics in EtherNet/IP are particular in the sense that we need to rewrite certain things in the tree and only 
re-parse certain things.

Is it the correct way to do it, or do I have to patch epan/dissectors/packet-cip.c and rebuild wireshark 
entirely?

Regards,
Sam Groot

[1] https://www.wireshark.org/lists/ethereal-dev/200601/msg00174.html

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
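
The registration described in point 1 of the reply, as an added example that is not part of the original messages or of Wireshark's own code: a Lua dissector hooked into the "cip.class.iface" table for one vendor-specific class, with length checks because every size field comes from untrusted traffic. The class value 0x64, the `acme_cip` names and the assumption that the handed-over buffer starts at the CIP service byte are illustrative and should be checked against the Wireshark build in use.

```lua
-- Added example: vendor-specific CIP class dissector (names are hypothetical).
local VENDOR_CLASS = 0x64  -- assumed class ID, inside the CIP vendor range 0x64-0xC7

local acme = Proto("acme_cip", "ACME Vendor CIP Object (example)")
local f_service  = ProtoField.uint8("acme_cip.service", "Service", base.HEX, nil, 0x7F)
local f_response = ProtoField.bool("acme_cip.response", "Response", 8, nil, 0x80)
local f_status   = ProtoField.uint8("acme_cip.status", "General Status", base.HEX)
local f_data     = ProtoField.bytes("acme_cip.data", "Service Data")
acme.fields = { f_service, f_response, f_status, f_data }

function acme.dissector(tvb, pinfo, tree)
    local len = tvb:len()
    if len < 2 then return 0 end            -- too short for service + size byte

    local subtree = tree:add(acme, tvb())
    local svc = tvb(0, 1)
    subtree:add(f_service, svc)
    subtree:add(f_response, svc)

    local offset
    if svc:uint() >= 0x80 then
        -- Response: service, reserved, general status, additional status size (words)
        if len < 4 then
            subtree:add_expert_info(PI_MALFORMED, PI_ERROR, "Truncated CIP response header")
            return len
        end
        subtree:add(f_status, tvb(2, 1))
        offset = 4 + tvb(3, 1):uint() * 2
    else
        -- Request: service, request path size (words), request path
        offset = 2 + tvb(1, 1):uint() * 2
    end

    -- The size byte is attacker-controlled; never index past the captured data.
    if offset > len then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR, "Size field exceeds packet length")
        return len
    end
    if offset < len then
        subtree:add(f_data, tvb(offset))     -- vendor payload after path or status
    end
    return len
end

-- As point 4 notes, adding a value to the table replaces any dissector already
-- registered for it, so staying in the vendor range avoids shadowing built-in objects.
DissectorTable.get("cip.class.iface"):add(VENDOR_CLASS, acme)
```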
