Wireshark-dev: Re: [Wireshark-dev] [RFC] Vendor-specific dissector extension for EtherNet/IP

From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Tue, 29 Aug 2017 15:34:29 -0400
The answer depends on exactly what you are trying to do; some things will be easier than others.
 
1. If you want to add vendor specific objects, that can easily be done in Lua because there is a dissector table that you can just register your vendor specific class with ("cip.class.iface").  There should be numerous examples of Lua using a dissector table (just not specifically for CIP).
2. There is no support currently for "classless" service codes (like those used in Rockwell Automation PLCs), which is what https://www.wireshark.org/lists/ethereal-dev/200601/msg00174.html appears to be talking about.
3. If you want to add vendor specific services to already supported objects, that would be more difficult to do in Lua because there isn't a dissector table hook for them.  I'm not sure there would be a way to handle the "general" case of registering service + class into a dissector table, but you could add dissector tables (patching packet-cip.c) for specific objects (Identity, ConnectionManager, etc) and submit just that part as a patch for inclusion in base Wireshark code.
4. Vendor specific attributes of an object would have the same difficulty in Lua and would need dissector tables.
5. I believe Lua will "override" any value registered to a dissector table, so you could write the "vendor specific" portion, for say the Identity object, but then you'd have to duplicate all of the dissection currently being done for it in your Lua script.
6. Also note that not all "open" objects are supported in packet-cip.c.  It would be appreciated if, when you add dissection for any of those, you provide a patch for integration here: https://code.wireshark.org/review (see https://wiki.wireshark.org/Development/SubmittingPatches for more details).  If you're more familiar with Lua than C, you can put the Lua script here: https://wiki.wireshark.org/Contrib, but I'd probably end up taking it and converting it to C.
 
 
-----Original Message-----
From: Samuel Groot <groot.samuel@xxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Tue, Aug 29, 2017 10:20 am
Subject: [Wireshark-dev] [RFC] Vendor-specific dissector extension for EtherNet/IP

Hi,

I am considering writing a chained dissector in Lua to support some vendor-specific classes, services and attributes for EtherNet/IP.

After digging around on Google or ask.wireshark.org, I couldn't find anything that would fit my needs (except this[1], but it's more than 10 years old), so I'm coming to you to maybe get some advice.

Vendor-specifics in EtherNet/IP are particular in the sense that we need to rewrite certain things in the tree and only re-parse certain things.

Is it the correct way to do it, or do I have to patch epan/dissectors/packet-cip.c and rebuild Wireshark entirely?

Regards,
Sam Groot

[1] https://www.wireshark.org/lists/ethereal-dev/200601/msg00174.html
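
Point 1 of the reply above, as an added example that is not part of the thread or of Wireshark's own code: a Lua dissector registered in the "cip.class.iface" dissector table for one vendor-specific class. The class ID 0x64, every `vendorobj` name, and the assumption that the buffer handed to the dissector starts at the CIP service byte are illustrative assumptions.

```lua
-- Added example, not from the thread. Class ID 0x64 and every "vendorobj"
-- name are hypothetical; the buffer is assumed to start at the service byte.
local VENDOR_CLASS_ID = 0x64

local p = Proto("vendorobj", "Vendor Object (example)")
local f_service  = ProtoField.uint8("vendorobj.service", "Service", base.HEX, nil, 0x7F)
local f_response = ProtoField.bool("vendorobj.response", "Response", 8, nil, 0x80)
local f_pathsize = ProtoField.uint8("vendorobj.path_size", "Request Path Size (words)", base.DEC)
local f_path     = ProtoField.bytes("vendorobj.path", "Request Path")
local f_status   = ProtoField.uint8("vendorobj.status", "General Status", base.HEX)
local f_data     = ProtoField.bytes("vendorobj.data", "Vendor Data")
p.fields = { f_service, f_response, f_pathsize, f_path, f_status, f_data }

function p.dissector(tvb, pinfo, tree)
    local len = tvb:len()
    if len < 2 then return 0 end              -- too short to be a CIP message
    local subtree = tree:add(p, tvb())
    subtree:add(f_service, tvb(0, 1))
    subtree:add(f_response, tvb(0, 1))

    local offset
    if tvb(0, 1):uint() >= 0x80 then
        -- Response: service, reserved, general status, additional status size (words)
        if len < 4 then return len end
        subtree:add(f_status, tvb(2, 1))
        offset = 4 + tvb(3, 1):uint() * 2
    else
        -- Request: service, path size (words), path
        local path_bytes = tvb(1, 1):uint() * 2
        subtree:add(f_pathsize, tvb(1, 1))
        offset = 2 + path_bytes
        if offset > len then return len end   -- truncated capture, stop here
        if path_bytes > 0 then subtree:add(f_path, tvb(2, path_bytes)) end
    end

    -- Whatever follows the header is the vendor-defined payload.
    if offset < len then subtree:add(f_data, tvb(offset)) end
    return len
end

-- Register for this class only; other classes keep their existing dissectors.
DissectorTable.get("cip.class.iface"):add(VENDOR_CLASS_ID, p)
```

The script can be loaded from a Wireshark plugin directory or with `-X lua_script:<file>`.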