Wireshark · Ethereal-dev: [Ethereal-dev] TDS decoder work

Ethereal-dev: [Ethereal-dev] TDS decoder work

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Brian Bruns <camber@xxxxxxx>

Date: Wed, 24 Jul 2002 00:07:59 -0400 (EDT)

Hi all, 

I received a few queries about the state of my work on the TDS decoder.  
Unfortunately, I no longer have time to work on it and so am posting what 
I do have in the hopes that someone will find it useful.  I'd be happy to 
answer any inquiries about the state of the code or things specific to 
TDS.

The TDS Protocol is actually a protocol within a protocol.  On the outside 
there is netlib which is not so much a encapsulation as a blocking of the 
data, typically to 512 or 4096 bytes.  Between this are the protocol data 
units for TDS.  Netlib packets may be split over real packets, multiple 
netlib packets may appear in single real packets.  TDS PDUs may be split 
over netlib packets (and real packets) and most certainly can appear 
multiple times within a netlib packet.

Because of this, I abandoned my earlier attempt at making two dissectors, 
one for netlib and one for TDS. Counterintuitively, a single dissector 
turned out to be simpler than splitting it up.

You can find my code here:

http://www.freetds.org/ethereal/packet-tds.h
http://www.freetds.org/ethereal/packet-tds.c

Here are some of the (hefty) limitations of the current code

. We currently do not handle netlib headers that cross packet boundaries.  
  This should be an easy fix.
. I probably could have used the packet reassembly stuff, but I started 
  this at version 0.8.20, so c'est la vie. It wouldn't have covered the 
  netlib stuff anyway, so no big loss.
. The older two layer version of the code dissected the PDU's, but the new 
  version does not yet, it only labels the names. I need an elegant way to 
  deal with dissecting data crossing (netlib and tcp) packet boundries.  I 
  think I have one, but ran out of time to do it.
. It will only work on little endian platforms.  Or rather I should say, 
  the client that was captured must be little endian.  TDS 7.0/8.0 is 
  always LE; for TDS 4.2/5.0 look in the code for tvb_get_le*() functions, 
  there are fields in the login packet which determine byte order.
. result sets that span netlib packets are not working
. TDS 7 and 4.2 result sets are not working yet

All that said, the code does deal gracefully with different boudary 
conditions and what remains are the easier bits, IMHO.

The code is fairly well commented, and again I can answer any questions if 
someone wants to pick it up.  If not, I'm hoping to maybe get back to it 
early next year.


Cheers,

Brian

Prev by Date: Re: [Ethereal-dev] net-snmp [was: ethereal 0.9.4-0.7.2.0 crash on Red Hat Linux 7.2]
Next by Date: [Ethereal-dev] RTP and RTCP automaticaly decode, for a range of ports
Previous by thread: Re: [Ethereal-dev] net-snmp [was: ethereal 0.9.4-0.7.2.0 crash on Red Hat Linux 7.2]
Next by thread: [Ethereal-dev] RTP and RTCP automaticaly decode, for a range of ports
Index(es):
- Date
- Thread