Ethereal-dev: Re: [ethereal-dev] Re: [ethereal-users] Ethereal Plugins

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Sun, 16 Jul 2000 23:37:46 -0700
On Fri, Jul 14, 2000 at 08:26:54AM -0500, Gilbert Ramirez wrote:
> That brings up an interesting idea to think about for post-1.0 Ethereal.
> What about distributing *all* dissectors as plugins, but with plugins
> based on the dissector_table routines instead of the dfilter routines.

That's pretty much the way Microsoft Network Monitor works - there's the
core, and a pile of loadable modules for various protocols.

> (It might be more work to provide top-level/link-layer dissectors
> as plugins, but we could figure out a way.)

The "port" for a link-layer dissector could perhaps be the
WTAP_ENCAP_XXX value, and "dissect_packet()" would use
"dissector_try_port()" rather than a bit switch statement.  (FDDI vs. 
bit-swapped FDDI could be handled with "dissect_fddi()" and
"dissect_fddi_bitswapped()" taking the standard argument list, and
calling a common routine with a Boolean "addresses are bit-swapped"
argument.)

> We could even group multiple dissectors into a single shared library,
> so we'd have a "NetWare" plugin which decoded IPX, SPX, and NCP. Or
> an IPv4 plugin which decoded ICMP, IPv4, TCP, and UDP.

I think NetMon may bundle dissectors in that fashion.