Wireshark mailing list archives
After a long hiatus my XDR to dissector code can actually generate a dissector that works
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sat, 24 Dec 2016 11:36:10 -0800
Hi folks,

I have pushed some initial code to here:

https://gitlab.com/realrichardsharpe/wireshark_rpcgen

This code is based on the stand-alone rpcgen in Illumos.

It can now handle all of RFC1832, I believe, but it is fairly rudimentary in the following sense:

1. It does not do anything special with file handles, dates and times, mode fields etc.
2. The names it uses are straight out of the XDR file so they look pretty ugly.
3. It probably does not handle cases where an XDR file uses types defined in another XDR file.

However, it can create a dissector for NFSv3 but I had to do a lot to hack it into Wireshark, which brings up another topic.

Currently, all of the XDR-based protocols handled by Wireshark seem to use hand-generated dissectors, which are, IMO, problematic:

1. They have their own infrastructure (the rpc_xxx routines)
2. They dissect stuff in a way that produces reasonably nice results but don't reflect some aspects of the XDR.
3. They require quite a bit of knowledge to write, which is an impediment to companies that use XDR-based protocols, especially when the XDR is changing.

For these reasons, I will continue working on the dissector generator to try to improve it considerably. Improvements I have in mind are:

1. Make it handle XDR files that include other definitions (i.e., multi-file proto specs.)
2. Provide a way to have more friendly names, probably with some sort of extras file that specifies translations and actions for some fields.
3. Hook into, or provide infrastructure similar to the existing dissectors for XDR-based RPC protocols.

The code also needs cleaning up and all the debug stuff needs switching off in the normal case. It currently inserts C++ comments to help figure out issues, but these should be off by default.

Attached is a partial screen shot showing something of what it looks like.

I am making it available now because years ago I wrote some Perl code to generate the SMB dissector but never made it available. That was a mistake. This time around I don't want to make that mistake.

I welcome suggestions and code donations.

--
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. -- Cao Cao)