Wireshark mailing list archives

Re: Syncthing protocol dissector

From: Tmore1 <tmore1 () gmx com>
Date: Mon, 28 Feb 2022 14:52:50 -0500

Hi,

Thank you. I understand that only C dissectors are distributed with
Wireshark - in my message, I asked whether the project would be
interested in my reimplementing it in C.

The Syncthing protocols are a mixture of protobufs and ordinary fields.
I assumed that the way to write such a dissector is by writing a
protocol specific dissector, and then calling the protobuf dissector
with a subset of the tvb. That's what I did in Lua, and that's what I
suppose I would do in C. Is this the right approach?

On Mon, 28 Feb 2022 10:20:01 +0100
Alexis La Goutte <alexis.lagoutte () gmail com> wrote:

Hi Thomas,

We don't accept LUA dissector on source code

But there is now a protobuff dissector on Wireshark and i think it will not
be complicated to add this protocol.

Cheers


On Sun, Feb 27, 2022 at 5:39 AM Tmore1 <tmore1 () gmx com> wrote:

Hello,

Several years ago, there was some discussion on this list about a
Syncthing protocol dissector:

https://www.wireshark.org/lists/wireshark-dev/201811/msg00017.html

AFAICT, there still doesn't seem to be one. I'm new to Wireshark
internals (and pretty new to Wireshark externals, as well ;)), but I
thought I'd try my hand at writing one. I starting by writing a Lua
dissector for one of the Syncthing protocols:

https://github.com/tmo1/wireshark-syncthing-dissector

and it seems to work. If I'm not too daunted by trying to reimplement
it in C, would this be something of interest to the project?

Thomas
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe



--
Tmore1 <tmore1 () gmx com>
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Syncthing protocol dissector Tmore1 (Feb 26)
- Re: Syncthing protocol dissector Alexis La Goutte (Feb 28)
  - Re: Syncthing protocol dissector Tmore1 (Feb 28)
    - Re: Syncthing protocol dissector Richard Sharpe (Feb 28)