Ethereal-dev: [Ethereal-dev] The Thing: ethereal configurable tracing fields

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Sun, 14 Nov 2004 04:28:12 +0100

Hi,

I'm proud to submit my latest work. "The Thing" is a tracing facility
that enables ethereal to filter packets based on fields from other related fields.

The Thing is somehow described in http://wiki.ethereal.com/Thing. Anyway,
I'm available to answer any sort of doubts people might have about the Thing.

The main purpose for which I started to write this was to filter, with a simple
expression, all the packets from different protocols related to calls of a
certain user. As I went through the design and coding of this module I noticed
that just tracing calls using a specific and limited set of protocols was
little compared with what I could have achieved with a little more work (BTW,
it turned out to be a lot more).

The final result is an all-purpose tracing facility that can be instructed on
what and how to trace sessions and transactions using (I believe) any field
coming from any protocol ethereal already dissects. Although instructing the
tracing facility on how to trace is not simple, its potential is huge. Some
example configuration files are provided.

The thing needs a lot more work to be done (thing.TODO) before it becomes
production code. The way I fit it into ethereal is a fortune job, that is,
I worked on that just enough to unblock me and move on to the application. I
think most of the field import work should be done directly in proto.c, but
again I do not know ethereal's internals well enough to be able to tell for
sure. I think that someone who knows well how ethereal works should be able
to do a much better job in not much time.

I plan to be working on some parts that are in the code but not yet fully
functional, or not functional at all. I planned to release it as soon as I
had filtered all RAS packets related to a call based on the calling
number (which they do not have). I did that last night. So today I'm releasing
the code.

The tarball contains:

code:
epan/thing.c - the thing itself
epan/thing.h
epan/thing_util.c - the AVP library and other stuff not strictly part
of the thing itself
epan/thing_util.h
epan/dissectors/packet-thing.c - what dissects the past and future of
a packet :-)

the patches to epan/Makefile.common and epan/dissectors/Makefile.common

example.thing - a very simple configuration for the thing for ISUP, Q931 and RAS

and two horrible patches, one to file.c and the other to epan/packet.c,
that allow the thing to run in ethereal, but in a very limited way. These
should be rewritten, not committed!!!

Before getting into this, it had been many years since I had written more than
five consecutive lines of C. Adding to that, ethereal's internal mechanics are
not simple; it took me weeks to figure out how to get this into the picture.
So I beg you all for patience in helping me fix and understand the mistakes
I've made in writing this module.

I beg everyone in the ethereal community to help me improve this facility
with their experience and their patience. I know for sure that there are
several things that can, and others that have to, be improved (tracing.TODO).
Other than that, as I'm not good with documentation, I hope someone will help
us all by writing a user's manual for this module. I'm obviously available for any
clarifications in regard to the operation of the tracing facility.

Best Regards,
Luis E. Garcia Ontanon

Attachment: snapshot_low.gif
Description: GIF image

Attachment: thing.tgz
Description: GNU Zip compressed data