On Fri, Jul 14, 2000 at 08:26:54AM -0500, Gilbert Ramirez wrote:
> That brings up an interesting idea to think about for post-1.0 Ethereal.
> What about distributing *all* dissectors as plugins, but with plugins
> based on the dissector_table routines instead of the dfilter routines.
That's pretty much the way Microsoft Network Monitor works - there's the
core, and a pile of loadable modules for various protocols.
> (It might be more work to provide top-level/link-layer dissectors
> as plugins, but we could figure out a way.)
The "port" for a link-layer dissector could perhaps be the
WTAP_ENCAP_XXX value, and "dissect_packet()" would use
"dissector_try_port()" rather than a bit switch statement. (FDDI vs.
bit-swapped FDDI could be handled with "dissect_fddi()" and
"dissect_fddi_bitswapped()" taking the standard argument list, and
calling a common routine with a Boolean "addresses are bit-swapped"
argument.)
> We could even group multiple dissectors into a single shared library,
> so we'd have a "NetWare" plugin which decoded IPX, SPX, and NCP. Or
> an IPv4 plugin which decoded ICMP, IPv4, TCP, and UDP.
I think NetMon may bundle dissectors in that fashion.