Wireshark · Ethereal-dev: [ethereal-dev] Dissector dispatching

Ethereal-dev: [ethereal-dev] Dissector dispatching

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>

Date: Tue, 09 Nov 1999 22:43:54 -0600

I did a cursory scan of all the dissectors, and made a list
of what information the dissectors use to call the other dissectors.
Not listed are the cases in which dissectors call no other
dissectors, call only other dissector-helpers within their *.c file,
or call only dissect_data().

Some of this may be wrong or lacking, but most of the info is
here.

ascend		uses fd->pseudo_header.ascend.type (guint16)
lane		uses fd->psuedo_header.ngsniffer_atm.AppHLType (guint8)
atm		uses hl_type (guint)
eth		ethhdr_type (int), etype(guint16)
fddi		uses fc (int)
gre		uses type (guint16)
http		uses pi.srcport (guint16)
icmpv6		uses pd[offset + sizeof(*dp)] & 0xf0  (guint8)
ip		uses iph.ip_p (guint8)
ipv6		uses pd[poffset = offset + offsetof(struct ip6_hdr, ip6_nxt)]
ipx		uses ipx_type and ipx_dsocket/ipx_ssocket (guint16)
llc		uses etype (guint16), sap (guint8)
nwlink_dg	uses packet_type (guint8)
null		uses null_header (guint32)
pim		uses (*ip & 0xf0) >> 4  (guint8)
ppp		uses ppp_prot (guint16)
raw		pd[0:2] (guint16)
rpc		uses key (key.prog, key.vers, key.proc)
rtsp		complicated text search
rx		rxh->type
tcp		uses th.th_sport and th.th_dport (guint16)
tr		uses frame_type (int)
udp		uses uh_sport and uh_dport (guint16)
x25		uses pd[localoffset] (guint8)


I've been thinking about how to handle dynamic dissector "handoffs"
or "dispatches". There are sometimes that one wishes to have the
called protocol register itself with the caller, as in a UDP or TCP
protocol registering itself with a UDP or TCP dispatcher.  This is
what I described in my e-mail that Guy copied to this list. This would
be ideal for loadable modules

But like Laurent mentioned in his e-mail from a few weeks ago,
there are times in which you want the calling protocol to do all the
work of registering callee protocols. For example, dissect_ip is
called from ethertype.c (llc, ethernet), ppp, raw, and X.25. It would
seem to me that we want each of those protocols to register the fact
that it can call IP, and not have IP have to worry about registering
itself with all of these.

Perhaps we can combine both of these approaches, as well as leave
some "dissector dispatches" hardcoded into the code. Dynamic dispatching
seems like overkill for token-ring and FDDI, for example, which call
either LLC or dissect_data (or TRMAC, in the case of token-ring). There's
no other options, so there's no reason not to hard-code these options
into the dissectors.

Just some food for thought,

--gilbert

Follow-Ups:
- Re: [ethereal-dev] Dissector dispatching
  - From: Guy Harris

Prev by Date: Re: [ethereal-dev] possible future feature idea?
Next by Date: Re: [ethereal-dev] Dissector dispatching
Previous by thread: Re: [ethereal-dev] possible future feature idea?
Next by thread: Re: [ethereal-dev] Dissector dispatching
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$