The answer depends on exactly what you are trying to do, some things will be
easier than others.
1. If you want to add vendor specific objects, that can easily be done in Lua
because there is a dissector table that you can just register your vendor
specific class with ("cip.class.iface"). There should be numerous examples of
Lua using a dissector table (just not specifically for CIP).
2. There is no support currently for "classless" service codes (like those used
in Rockwell Automation PLCs), which is what
https://www.wireshark.org/lists/ethereal-dev/200601/msg00174.html appears to be
talking about.
2. If you want to add vendor specific services to already supported objects,
that would be more difficult to do in Lua because there isn't a dissector table
hook for them. I'm not sure there would be a way to handle the "general" case
of registering service + class into a dissector table, but you could add
dissector tables (patching packet-cip.c) for specific objects (Identity,
ConnectionManager, etc) and submit just that part as a patch for inclusion in
base Wireshark code.
3. Vendor specific attributes of an object would have the same difficulty in
Lua and would need dissector tables.
4. I believe Lua will "override" any value registered to a dissector table, so
you could write the "vendor specific" portion, for say the Identity object, but
then you'd have to duplicate all of the dissection currently being done for it
in your Lua script.
5. Also note that not all "open" objects are supported in packet-cip.c. It
would be appreciated that if you added dissection for any of those, that you
provide a patch for integration here: https://code.wireshark.org/review (see
https://wiki.wireshark.org/Development/SubmittingPatches for more details). If
you're more familiar with Lua than C, you can put the Lua script here:
https://wiki.wireshark.org/Contrib, but I'd probably end up taking it and
converting it to C.
-----Original Message-----
From: Samuel Groot <groot.sam...@gmail.com>
To: wireshark-dev <wireshark-dev@wireshark.org>
Sent: Tue, Aug 29, 2017 10:20 am
Subject: [Wireshark-dev] [RFC] Vendor-specific dissector extension for
EtherNet/IP
Hi,I am considering writing a chained dissector in lua to support some
vendor-specific classes, services and attributes for EtherNet/IP.After digging
around on google or ask.wireshark.org, I couldn't find anything that would fit
my needs (except this[1], but it's more than 10 years old), so I'm coming to
you to have maybe some advice.Vendor-specifics in EtherNet/IP are particular in
the sense that we need to rewrite certain things in the tree and only re-parse
certain things.Is it the correct way to do it, or do I have to patch
epan/dissectors/packet-cip.c and rebuild wireshark entirely?Regards,Sam
Groot[1]
https://www.wireshark.org/lists/ethereal-dev/200601/msg00174.html___________________________________________________________________________Sent
via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>Archives:
https://www.wireshark.org/lists/wireshark-devUnsubscribe:
https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
