Wireshark · Ethereal-dev: Re: [Ethereal-dev] Mission to ASN.1 ethereal dissector generator

Ethereal-dev: Re: [Ethereal-dev] Mission to ASN.1 ethereal dissector generator

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Chris Waters" <chris@xxxxxxxxxxxx>

Date: Thu, 25 Sep 2003 15:35:53 -0700

Hi,

On the topic of dissector generators. I have been playing with a plugin
which loads a text file at runtime and generates a dissector. The idea is to
make it easy to prototype new protocols, and add new dissectors for simple
protocols.

I looked at the XML protocol specification being used by Analyzer 3, but it
is way to complicated for what I needed. I don't aim to replace the C
dissectors for complex protocols and so all of the options are unnecessary.
I wanted a text file format that someone could use without needing to read a
manual (because I don't want to have to write a manual :-).

Here is an example protocol specification. This is for the winpcap remote
capture protocol.

-------------------------------------- rpcap.proto
protocol {
    name "Remote Capture Protocol",
    short "RPCAP",
    abbrev "rpcap",
    follows {"tcp.port", 2002}
}

option commands {
    1 = "Error",
    2 = "List all devices request",
    3 = "Open adapter request",
    4 = "Start capture request",
    5 = "Update capture filter request",
    6 = "Close adapter",
    7 = "Packet transfer",
    8 = "Authentication request",
    9 = "Get stats request",
    10 = "End capture request",

    130 = "List all devices reply",
    131 = "Open adapter reply",
    132 = "Start capture reply",
    133 = "Update capture filter reply",
    136 = "Authentication reply",
    137 = "Get stats reply",
    138 = "End capture reply"
}

field {name "Version", abbrev "version", desc "", type FT_UINT32, radix
BASE_DEC}
field {name "Command Type", abbrev "command", desc "", options commands,
type FT_UINT32, radix BASE_DEC}
field {name "Value", abbrev "value", desc "", type FT_UINT16, radix
BASE_DEC}
field {name "Length", abbrev "length", desc "", type FT_UINT32, radix
BASE_DEC}

#column_info {command}

switch rpcap.command {
case 4:
    field {name "Snapshot Length", abbrev "snaplen", desc "", type
FT_UINT32, radix BASE_DEC}
    field {name "Read Timeout", abbrev "timeout", desc "", type FT_UINT32,
radix BASE_DEC}
    field {name "Snapshot Length", abbrev "flags", desc "", type FT_UINT16,
radix BASE_DEC}
    field {name "Port Data", abbrev "port", desc "", type FT_UINT16, radix
BASE_DEC}

    # Filter
    field {name "Filter Type", abbrev "filtertype", desc "", type FT_UINT16,
radix BASE_DEC}
    field {name "Dummy", abbrev "dummy", desc "", type FT_UINT16, radix
BASE_DEC}
    field {name "Number of Items", abbrev "numitems", desc "", type
FT_UINT32, radix BASE_DEC}
    break

case 137:
    field {name "Packets received by kernel filter", abbrev "ifrecv", type
FT_UINT32, radix BASE_DEC}
    field {name "Packets dropped by the network interface", abbrev "ifdrop",
type FT_UINT32, radix BASE_DEC}
    field {name "Packets dropped by kernel filter", abbrev "krnldrop", type
FT_UINT32, radix BASE_DEC}
    field {name "Packets sent to the RPCAP collector", abbrev "srvcapt",
type FT_UINT32, radix BASE_DEC}
    break

default:
    field {name "Payload", abbrev "payload", type FT_BYTES, radix BASE_HEX}
    break
}
--------------------------------

When Ethereal starts this file is loaded by the plugin and a dissector is
registered for it. The dissector works by traversing a tree and slicing the
packet based on the fields which are seen. There is still a lot of work to
be done to allow repeating fields and encapsulation of other protocols, but
even at this level I think the plugin is useful.

Regards,

Chris.

----- Original Message -----
From: "John Bourke" <john.bourke@xxxxxxxxxxxxxxxxxx>
To: <ethereal-dev@xxxxxxxxxxxx>
Sent: Thursday, September 25, 2003 3:22 PM
Subject: [Ethereal-dev] Mission to ASN.1 ethereal dissector generator


>
> Folks,
>
> Myself and some others have some time now to knock this ASN.1->Dissector
on
> the head.  We need to get it finished by November.
>
> So far I can see three options
>
> 1. Gerald's Python work
> 2. III-ASN-Parser
> 3. SNACC (the recent one)
>
> I'd like to specifically produce a Dissector generator, rather than a C
code
> generator.  Also I'd like to be able to register display filters against
> parts of the code.
>
> Does anyone have a strong opinion ?
>
> Thanks
>
> john
>
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>

Follow-Ups:
- RE: [Ethereal-dev] Mission to ASN.1 ethereal dissector generator
  - From: Fulvio Risso

References:
- [Ethereal-dev] Mission to ASN.1 ethereal dissector generator
  - From: John Bourke

Prev by Date: Re: [Ethereal-dev] tap draw function not called at end of dissection?
Next by Date: Re: [Ethereal-dev] Mission to ASN.1 ethereal dissector generator
Previous by thread: [Ethereal-dev] Mission to ASN.1 ethereal dissector generator
Next by thread: RE: [Ethereal-dev] Mission to ASN.1 ethereal dissector generator
Index(es):
- Date
- Thread