Wireshark-dev: [Wireshark-dev] Idea for process image dissection
From: Roland Knall <[email protected]>
Date: Sun, 13 Oct 2013 10:17:45 +0200

I just wanted to bring something by you guys, if it would be worth implementing.

I work on the openSAFETY and EPL dissectors. Both are fieldbus
specific implementations. As such the communicate process images as
payloads. This is the same with nearly all other fieldbus
implementations i know (CanOpen, Profinet, SercosIII, ...).

As such, to a unknown user this displays simply as a byte payload. Now
it may be useful, to dissect the payload in some cases, as such we may
be able to search for specific fields triggering in the payload.

For such a dissection, we need to tell a dissector, how to dissect a
specific payload.

I would like to implement a new field type (FT_PIMAGE) and allow the
user using a dialog, to specify a filter and a mapping to dissect the

For instance one definition might be:

(opensafety.msg.node = 0x04)
    bit 0 .. SafeDigitalInput01
    bit 1 .. SafeDigitalInput02
    byte 2-3 .. SafeAnalogInput01

bits/bytes mapping is something that should be defined more clearly.
But basically this would cover the basic types.

The whole implementation should be very generic as such, that if a
dissector only registers the field, but not defines a mapping,
basically it just displays as the FT_BYTES field will.

The definition for each field mapping must be also session specific,
as it will definitely change between dissections. The main usage would
be to track down specific problem, where I want to monitor the
reaction of the fieldbus after a certain condition has occurred. Right
now using simply bytes[] is painstakingly useless.

kind regards,