On Thu, Apr 10, 2003 at 05:49:02PM +0200, Panos Kassianidis wrote:
> could somebody please tell me what procedure should I follow in order to
> extend ethereal to parse a proprietary protocol?
> Does ethereal support some kind of plug-in architecture that makes such a
> task easier?
There are two ways in which you could say it supports a "plug-in
architecture":
1) in many cases, if there's a fairly "standard" way in a
protocol to specify the protocol for which the first
protocol's payload is intended (Ethernet type fields, TCP or
UDP port numbers (although those don't rigidly specify a
protocol)), you shouldn't have to modify the dissector for
the protocol running atop your protocol in order to add a new
protocol (and some protocols also support calling "heuristic"
dissectors that look at the packet data to figure out whether
it's a packet for their protocol or not);
2) Ethereal supports, on most platforms (on platforms that have
run-time dynamic linking and where GLib supports the run-time
dynamic linking mechanism), protocol dissectors that can be
loaded at run time, rather than being linked into the
Ethereal executable.
> Where can I find more information on this subject?
See:
doc/README.dissector
doc/README.tvbuff
for information on how to write dissectors (including some information
on how to plug a dissector into another dissector), and
doc/README.plugins
for information on how to develop dissectors loaded at run time.
