wireshark-dev August 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: Re: [Wireshark-dev] Wireshark - a slight improvem

Re: [Wireshark-dev] Wireshark - a slight improvement of STP dissector

From: Guy Harris <guy_at_nospam>
Date: Fri Aug 20 2010 - 02:33:16 GMT
To: Peter Palúch <Peter.Paluch@fri.uniza.sk>

On Aug 19, 2010, at 2:09 PM, Peter Palúch wrote:

> Greetings,

Questions such as this should be sent to wireshark-dev@wireshark.org, not to particular people on that list. There's no guarantee that a particular person on the list would have the answer, or would give the best answer by themselves.

> I am trying to make an addition to the STP BPDU dissector in Wireshark, in particular, adding the decoding of an extra field at the very end of Cisco PVST+/RPVST+ BPDUs that contains the VLAN ID to which the BPDU belongs (this value is used by Cisco to detect native VLAN mismatches).
>
> However, this is my first time I am trying to add a new code to the Wireshark, and I am still only getting familiar with the API.
>
> I would like to ask if there is a recommended way how to ask for the LLC/SNAP Ethernet header values in the packet-bpdu.c dissector.

No, but there's a recommended way to solve this problem:

Have separate dissectors for STP/RSTP and PVST+/RPVST+, but have those dissectors do all their work by calling a common routine, which does all the dissection, and which takes an additional gboolean argument to indicate whether this is regular STP or PVST+. Register the PVST+/RPVST+ dissector in the "llc.cisco_pid" dissector table with the PID 0x010b.

> The extra BPDU field with the originating VLAN is present only in PVST+/RPVST+ frames (SNAP OUI: 0x00000c, SNAP PID: 0x010b) and I need to verify that type before trying to decode the field. I was looking on the packet_info structure but it did not seem to carry any similar information into the BDPU dissector.
>
> I am very thankful for any suggestion!

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe