Ethereal

[ethereal-dev] Table-driven packet dissection?
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-dev: February 1999

 

Hi,

I wanted to add support for SMB into ethereal, and support for this, and that,
and then I looked at the code ...

While ethereal is great, I would like to get rid of Win95 and NetMon, but I
can't.

It seems that a big stumbling block to adding new dissection routines to
ethereal at the moment is that you have to know a lot about the code
organization, and you have to find the routine you need to change, then you
have to hack in a call to your new routine, etc.

It struck me that there had to be better way to do this, and I thought that
a table-based approach would be better.

Before I invest too much effort, however, let me describe what I want to
do, and if it is already in progress, well and good. If not, then feedback
would be appreciated.

GOALS.

1, Allow ethereal to be modified more easily.  This will allow the adding
   of new protocol dissect routines without one needing to know the how to
   modify the base code

2, Allow new ethereal modules to be added as dynamically linked libraries 
   that are loaded at runtime with dlopen or some such

SPECIFICS

I propose having a table driven approach. At any protocol level, from
FRAME_TYPE to the highest (eg, SMB type) we would have a table that
contains things like:

  Protocol name
  Offset into packet and length
  Series of (value, dissect routine, next level table 3-tuples)

Although obviously, for this last, we will want a more efficient structure
than the obvious.  Perhaps minimal perfect hashing will be needed in some
cases.

Routines would be registered in tables, and we would have a hierarchy,
something like:

   /ethernetV2/IP/TCP/SMB 

and a series of linked tables.

At each level, when a routine is called, it is passed the next level table
if any, otherwise NULL.
  
A routine is defined like:

   dissect_IP(packet, next-table, gtk-pointers it needs ...)

There will need to be a set of routines to manage the dissect tables.
Routines to add tables, add elements, etc.  I think there will be a need to
add a routine dynamically to handle things like TFTP, etc.

So, has it all been done before?  Am I just blowing hot air?  Etc.



Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, NIC-Handle:RJS96
NS Computer Software and Services P/L, 
Ph: +61-8-8281-0063, FAX: +61-8-8250-2080, 
Samba (Team member), Linux, Apache, Digital UNIX, AIX, C, ...

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.