Wireshark-dev: [Wireshark-dev] Generic Plugin
From: Sachin Gupta <sachgupta@xxxxxxxxx>
Date: Fri, 29 May 2009 10:23:46 +0530
This Generic Plugin takes XML as input (describing the packet format), parses the XML and then creates a dissector for it, so that when a packet is captured in Wireshark it can actually be dissected based on the XML format specified for the packet.
---------- Forwarded message ----------
From: Sachin Gupta <sachgupta@xxxxxxxxx>
Date: Thu, May 28, 2009 at 6:23 PM
Subject: Generic Plugin
To: guy@xxxxxxxxxxxx
Hi,
This generic plugin is at a very nascent stage compared to wsgd.
The key idea behind this is simplicity. This plugin provides a very
easy XML interface to define the packet structure. This plugin presently
supports protocol formats with fixed fields, optional lengths, optional
fields, array fields, filters etc.
Some of the features available are -
1) A standardized XML interface to define packet format.
2) Allows new packet formats to be added without recompilation.
3) Supports all default type fields - uint32, uint16, uint24, uint6, bytes, bit, structs.
4) Supports complex fields like fields inside fields.
5) Supports dynamic size fields in the message.
6) Supports optional fields in the message.
7) Supports Type-Length-Value, Length-Value and Name-Value fields.
8) Supports bit fields up to 64 bits.
9) Supports setting filters in Wireshark messages.
10) Registers with a UDP port at runtime.
11) Supports tlv inside tlv.

1) Enum names for values.
2) It presently supports only big endian format; little endian support is trivial to add.
3) It is presently workable for Linux only; it can be ported for Windows too.

Please see the example implementation below -

Example 1 -
<?xml version="1.0" encoding="utf-8"?>
<message name="ATTACH_ACCEPT" proto="EPS">
  <type name="comp_field" >
    <field name="FD1" type="uint32"/>
    <field name="FD2" type="bytes" array_length="6"/>
  </type>
  <type name="comp_unord" desc="unordered" nametype="uint8">
    <field name="complex1" value="3" type="bytes" array_length="2"/>
    <field name="complex2" value="13" type="uint8"/>
    <field name="complex3" value="37" type="uint16" />
  </type>
  <type name="comp_field_type">
    <field name="FD1" type="uint32"/>
    <field name="FD2" type="comp_unord"/>
    <field name="FD3" type="uint8" array_length="end" />
  </type>
  <type name="optional_fields" desc="unordered" nametype="uint8">
    <field name="complex field1" value="5" type="bytes" array_length="6"/>
    <field name="complex field2" value="1" type="comp_field_type" type_length="8"/>
    <field name="complex field3" value="37" type="uint16" type_length="Length" />
  </type>
  <body>
    <field name="Bit_Field1" type="bits" array_length="2"/>
    <field name="Bit_Field2" type="bits" array_length="3"/>
    <field name="Bit_Field3" type="bits" array_length="5"/>
    <field name="Field3" type="uint8"/>
    <field name="Length" type="uint8"/>
    <field name="field4" type="optional_fields" type_length="Length"/>
    <field name="Bit_Field2" type="bits" array_length="14"/>
    <field name="Bit_Field3" type="bits" array_length="16"/>
    <field name="Bit_Field4" type="bits" array_length="10"/>
    <field name="length_2" type="uint8"/>
    <field name="array_field" type="uint32" array_length="length_2"/>
    <field name="Correct Value" type="desc" option_field="Bit_Field2" option_value="5"/>
    <field name="Test Field" type="bytes" array_length="5" option_field="Bit_Field2" option_value="<20"/>
    <field name="field2" type="bytes" array_length="5"/>
    <field name="Complex Field" type="comp_field" array_length="end"/>
  </body>
</message>
Looking forward to your reply.
Thanks & regards
Sachin
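As an added illustration (not code from the plugin or from this mail), the following Python interprets a small constructed spec written in the same XML dialect: bit fields, a big-endian uint16, a length byte that sizes a uint32 array, and a trailing field with array_length="end". The semantics assumed here (big-endian integers, MSB-first bits, array_length naming an earlier field or "end") are inferred from the example above, and the bounds check shows why a dissector must validate packet-supplied lengths before using them.

```python
import xml.etree.ElementTree as ET

# Constructed spec in the plugin's XML dialect (assumed semantics, see lead-in):
# bit fields, a big-endian uint16, a length byte that sizes a uint32 array, and
# a trailing bytes field that consumes the rest of the packet.
SPEC = """<message name="DEMO" proto="EPS"><body>
<field name="Bit_Field1" type="bits" array_length="3"/>
<field name="Bit_Field2" type="bits" array_length="5"/>
<field name="Field3" type="uint16"/>
<field name="length_2" type="uint8"/>
<field name="array_field" type="uint32" array_length="length_2"/>
<field name="Tail" type="bytes" array_length="end"/>
</body></message>"""

INT_SIZES = {"uint8": 1, "uint16": 2, "uint24": 3, "uint32": 4}

def dissect(spec_xml, packet):
    """Return {field name: value} for packet, walking <body> fields in order.
    Raises ValueError when a length field points past the end of the packet."""
    out, pos, bitpos = {}, 0, 0            # byte offset, bit offset within byte
    for f in ET.fromstring(spec_xml).find("body"):
        name, ftype, alen = f.get("name"), f.get("type"), f.get("array_length")
        if ftype == "bits":                  # MSB-first, may span byte boundaries
            val = 0
            for _ in range(int(alen)):
                if pos >= len(packet):
                    raise ValueError(f"{name}: packet truncated")
                val = (val << 1) | ((packet[pos] >> (7 - bitpos)) & 1)
                pos, bitpos = (pos + 1, 0) if bitpos == 7 else (pos, bitpos + 1)
            out[name] = val
            continue
        if bitpos:
            raise ValueError(f"{name}: preceding bit fields do not fill a whole byte")
        # array_length may be absent, a literal count, an earlier field's name, or "end"
        if alen is None: count = 1
        elif alen == "end": count = None
        else: count = int(alen) if alen.isdigit() else out[alen]
        size = 1 if ftype == "bytes" else INT_SIZES[ftype]
        if count is None: count = (len(packet) - pos) // size
        if pos + count * size > len(packet):   # length came from the packet: verify it
            raise ValueError(f"{name}: length {count} runs past end of packet")
        chunk, pos = packet[pos:pos + count * size], pos + count * size
        if ftype == "bytes":
            out[name] = chunk
        else:
            vals = [int.from_bytes(chunk[i:i + size], "big") for i in range(0, len(chunk), size)]
            out[name] = vals if alen is not None else vals[0]
    return out
```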
Attachment:
snap3.JPG
Description: JPEG image