Ethereal-dev: Re: [Ethereal-dev] Re: Ethereal Gripe

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ed Warnicke <hagbard@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 20 Aug 2003 17:08:34 -0400 (EDT)
It strikes me that generally you've got a few families of
protocols:

1)	Fixed width binary fields
2)	RFC 822 derived (HTTP, SIP, MGCP, etc.)
3)	TLV based
4)	ASN.1 BER/PER encoded

Most of these shouldn't be that hard to handle as generalized
cases... but every time I find myself saying that I think of
DNS and DNS compression... there will always be oddballs...

Ed

On Wed, 20 Aug 2003, Ashok Narayanan wrote:

>
> That's a little tough; freeform protocols are somewhat harder to deal
> with.
>
> A lot of IETF protocols are going to this "TLV" type of message like
> used in RSVP. The message is a series of objects; each object has a
> type, a subtype, and a length (not necessarily in that order). Each
> object has a separate definition.
>
> Maybe some sort of XML parser that describes these objects, and the
> header? I was thinking about it some time back but gave up due to lack
> of time. Maybe I (or somebody) can dig up this chestnut again...
>
> -Ashok
>
> On Wed, Aug 20, 2003 at 10:45:55PM +0200, Andreas Sikkema wrote:
> >
> > John McDermott wrote:
> >
> > > This might be tricky with tethereal.  It would be nice to have a
> > > gui-based protocol analyzer builder, though, even if it were simple.  It
> > > could generate the "protocol specification language", C or perl/python.
> > > I was thinking of a sort of generic, basic (not BASIC) sort of tool so
> > > that if someone wanted to one could build a quick and dirty decoder.
> >
> > I am thinking along the lines of a very simple language (something
> > like a stripped version of ASN.1).
> >
> > You have bits, bytes, integers, strings and the sequence in which they
> > appear is the way they appear in the protocol. Maybe add something
> > like a choice, but that would make things slightly more complicated,
> > but not that much I think.
> >
> > PROTOCOL "MyFirstProtocol", "My very own first protocol"
> > REGISTER "tcp.port", 1720
> >
> > INTEGER length
> > BYTE CHOICE packet_type
> >      0      setup
> >             BYTE thing
> >             STRING caller_id
> >      1      connect
> >             BYTE otherthing
> >             INTEGER something
> >
> > This might be a little too simple (the parser might get confused
> > without explicit ends to things), but this would generate something
> > along the lines (of the current code):
> >
> > void packet_dissect_MyFirstProtocol()
> > {
> >   create new tree for protocol
> >
> >   proto_tree_add_item( hf_length, ...);
> >
> >   int packet_type;
> >   packet_type = tvb_get_uint32(...);
> >   proto_tree_add_item( hf_packet_type, ...);
> >
> >   create new tvb
> >
> >   switch( packet_type )
> >   {
> >     case 0:
> >       dissect_setup();
> >     break;
> >     case 1:
> >       dissect_connect();
> >     break;
> >   }
> > }
> >
> >
> > --
> > Andreas Sikkema
> >
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
> --
> --- Asok the Intern ----------------------------------------
> Ashok Narayanan
> IOS Network Protocols, Cisco Systems
> 1414 Mass Ave, Boxborough MA 01719
> Ph: 978-936-1608.  Fax: 978-936-2218 (Attn: Ashok Narayanan)
>
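An added example, not part of the thread and not Ethereal code: the "MyFirstProtocol" description from Andreas's message turned into tables and walked by one generic routine, with every read checked against the captured length. The wire encodings (INTEGER as 32-bit big-endian, STRING as one length byte plus data), treating `length` as a plain field, and all function and table names are assumptions, since the thread does not define them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Field kinds from the proposed language. Wire encodings are assumptions:
 * INTEGER = 32-bit big-endian, STRING = one length byte followed by the bytes. */
enum kind { K_BYTE, K_INTEGER, K_STRING, K_END };
struct field { enum kind kind; const char *name; };

static const struct field hdr_length = { K_INTEGER, "length" };
static const struct field hdr_type   = { K_BYTE, "packet_type" };
static const struct field setup_body[]   = { {K_BYTE, "thing"}, {K_STRING, "caller_id"}, {K_END, 0} };
static const struct field connect_body[] = { {K_BYTE, "otherthing"}, {K_INTEGER, "something"}, {K_END, 0} };
static const struct field *const choices[] = { setup_body, connect_body };  /* index = CHOICE value */

/* Print and consume one field at *off. Returns 0, or -1 if the capture is too short. */
static int take(const uint8_t *buf, size_t len, size_t *off, const struct field *f)
{
    size_t need = (f->kind == K_INTEGER) ? 4 : 1;
    if (*off >= len) return -1;
    const uint8_t *p = buf + *off;
    if (f->kind == K_STRING) need = 1 + (size_t)p[0];
    if (need > len - *off) return -1;          /* never read past the capture */
    if (f->kind == K_INTEGER)
        printf("%s: %lu\n", f->name, ((unsigned long)p[0] << 24) |
               ((unsigned long)p[1] << 16) | ((unsigned long)p[2] << 8) | p[3]);
    else if (f->kind == K_STRING)
        printf("%s: %.*s\n", f->name, (int)p[0], (const char *)(p + 1));
    else
        printf("%s: %u\n", f->name, (unsigned)p[0]);
    *off += need;
    return 0;
}

/* Returns the number of fields decoded, -1 if truncated, -2 for an unknown CHOICE value. */
int dissect_myfirstprotocol(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 2;                                  /* length + packet_type */
    if (take(buf, len, &off, &hdr_length) || off >= len) return -1;
    uint8_t type = buf[off];
    take(buf, len, &off, &hdr_type);            /* cannot fail: off < len checked above */
    if (type >= sizeof choices / sizeof choices[0]) return -2;
    for (const struct field *f = choices[type]; f->kind != K_END; f++, n++)
        if (take(buf, len, &off, f)) return -1;
    return n;
}
```

Adding a message type means adding a table row and a `choices` entry; the bounds check in `take` stays in one place instead of being repeated in every hand-written dissector.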