On Thu, Dec 06, 2001 at 03:20:15PM -0500, Todd Sabin wrote:
> > Those dissectors are, from their entries in the list of protocols in the
> > Netmon GUI for constructing display filters, "generated RPC parsers for
> > interface XXX"; I assume this means they have something that reads a
> > DCERPC IDL file and emits a parser.
>
> Yes, I'm fairly sure they do, although some of their generated parsers
> don't seem to be completely correct. I only point that out as an
> indication that it's a non-trivial task.

There are quite a lot of bugs in Netmon if you use it for any length of
time. I'm also including the fact that it's really hard to decode the
output as a bug and the fact that most pipes are deliberately not
decoded (samr, spoolss for example).

> > I think the free DCERPC code includes an IDL parser; would it make sense
> > for us to modify that into something that can generate an Ethereal
> > dissector, and use that, plus the IDLs for various services (perhaps
> > after modifying the IDL language to include additional information to
> > give nice display names to fields), to generate dissectors for those
> > services?
>
> Absolutely. Long term, I plan to do that, unless someone else gets
> there first, of course. I currently have an IDL parser that can
> output a bare dissector given a .idl. (By 'bare' I mean putting the

What kind of parser are you using? I have modified one written by
Andrew Tridgell (in Perl using Parse::RecDescent) that is spitting
out pretty nice code so far. I can do functions, recursive structures,
unions, pointers and arrays.

I'm still a way from submitting code though.

> enhance that, or just modify the one from freedce. I need to grok how
> freedce does things first, though, and I haven't had the time to
> devote to it. :(

Getting structures with simple types, pointers and arrays right is
pretty hairy. Luckily the Samba rpc_parse code is there for
reference.

Tim.