Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Dissector code feedback request (Cassandra CQL)

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Tue, 8 Dec 2015 22:49:11 +0100


2015-12-08 22:46 GMT+01:00 Aaron Ten Clay <wireshark-dev@xxxxxxxxxxx>:
On 03 Dec 2015, you wrote:

> On Thu, Dec 3, 2015 at 9:27 AM, <wireshark-dev@xxxxxxxxxxx> wrote:
>
> > Hello everyone,
> >
> > I've started cobbling together a dissector plugin for the CQL binary
> > protocol used by Apache Cassandra. I'm brand new to Wireshark development,
> > so I'm sure some patterns could be improved. I'm hoping to get some
> > feedback on what I have so far:
> >
> >
> > https://gist.githubusercontent.com/aarontc/d285047c78b4b2a3c1d3/raw/4eff8ed1c6ba342434eae770a3921ae656a3d3d7/packet-cql.c
> >
> > Any suggestions/criticism would be appreciated. If this dissector would be
> > useful to anyone else, I'd like to see about getting it included with core
> > Wireshark once any issues are resolved and the dissector is more feature
> > complete.
> >
> > Thanks,
> > -Aaron
> >
> Hi Aaron,
>
> for feedback/review, the better is push your patch on Gerrit (
> https://code.wireshark.org/review ), and core can be directly review you
> code (if you want to don't merge soon you can WIP flag...)
>
> Cheers
>

Hi Alexis,

Thanks for the feedback. I've uploaded the current state of the code to Gerrit:
https://code.wireshark.org/review/#/c/12479/1/plugins/cql/packet-cql.c

It still needs work but I'm definitely interested in early feedback if there are
better patterns I could follow, etc.

Thanks!
-Aaron

Hi Aaron,

at first look the dissector seems ok (will need a better review, for now I just had a basic overview). Some comments though:
- please convert it to a builtin dissector: we are not integrating new plugins
- given that you use a port number not assigned by IANA, you should add a preference so as to change the value. Is the port being hardcodded a well known port for this protocol? If not, we might default it to 0 instead.

Regards,
Pascal.