Ethereal-dev: RE: [Ethereal-dev] RFC: Print as XML

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxxxxxxx>
Date: Tue, 23 Sep 2003 14:39:57 -0000

On Tue, 2003-09-23 at 03:56, Biot Olivier wrote:
> And why don't you provide the field type and base at the same time?
> 
> <node name="frame">
>   <field name="frame.marked" type="FT_BOOLEAN" base="BASE_NONE">0</field>
> </node>

I thought about that but thought it would be too repetitive.

> 
> Or you could use XML namespaces (one global or one for every "protocol")
> allowing a very flexible XML grammar. Probably we will require the XML
> descriptions to be available both on the Ethereal web site and locally on
> the machine where Ethereal is running.

Will XML namespaces allow me to define type "type" and "base" for each
field, only once? That would be great. I'll start reading about XML
namespaces.

> I don't think it is complicated to generate XML definitions for per-protocol
> field names, as we already do this when we generate "register.c"...

Yes, it will be easy. I'd just create a script to parse the output of
"[t]ethereal -G".


Attached is what I have come up with so far, after the first round of
suggestions. I have the following elements:

ethereal-capture-file
ethereal-frame
protocol
field
text
hexdump

Field names and protocol names are given in the "name" attribute.
Any time a field was created with a *_format() function, i.e., a special
label was put on the protocol tree, it is included in the XML with a
"label" attribute. "text" elements always have a "label" attribute, and
no data between element tags. 

I didn't know what to do with the hexdump data, so for now I just
threw it in as it appears in a printout.

--gilbert
<?xml version="1.0"?>
<ethereal-capture-file>
<ethereal-frame>
  <protocol name="frame" label="Frame 34 (698 bytes on wire, 698 bytes captured)">
    <field name="frame.marked">0</field>
    <field name="frame.time">Sep 17, 2003 10:12:38.718406000</field>
    <field name="frame.time_delta">0.006623000</field>
    <field name="frame.time_relative">32.629878000</field>
    <field name="frame.number">34</field>
    <field name="frame.pkt_len" label="Packet Length: 698 bytes">698</field>
    <field name="frame.cap_len" label="Capture Length: 698 bytes">698</field>
    <field name="frame.file_off" label="File Offset: 4327 (0x10e7)">4327</field>
  </protocol>
  <protocol name="eth" label="Ethernet II, Src: 00:e0:81:00:b0:28, Dst: 00:09:6b:88:f5:c9">
    <field name="eth.dst">00:09:6b:88:f5:c9</field>
    <field name="eth.src">00:e0:81:00:b0:28</field>
    <field name="eth.addr">00:09:6b:88:f5:c9</field>
    <field name="eth.addr">00:e0:81:00:b0:28</field>
    <field name="eth.type">0x0800</field>
  </protocol>
  <protocol name="ip" label="Internet Protocol, Src Addr: 207.68.173.249 (207.68.173.249), Dst Addr: 10.0.0.5 (10.0.0.5)">
    <field name="ip.version">4</field>
    <field name="ip.hdr_len" label="Header length: 20 bytes">20</field>
    <field name="ip.dsfield" label="Differentiated Services Field: 0x08 (DSCP 0x02: Unknown DSCP; ECN: 0x00)">
      <field name="ip.dsfield.dscp">0x02</field>
      <field name="ip.dsfield.ect">0</field>
      <field name="ip.dsfield.ce">0</field>
    </field>
    <field name="ip.len">684</field>
    <field name="ip.id" label="Identification: 0xf9a0 (63904)">0xf9a0</field>
    <field name="ip.flags">
      <field name="ip.flags.df">1</field>
      <field name="ip.flags.mf">0</field>
    </field>
    <field name="ip.frag_offset">0</field>
    <field name="ip.ttl">45</field>
    <field name="ip.proto" label="Protocol: TCP (0x06)">0x06</field>
    <field name="ip.checksum" label="Header checksum: 0xca60 (correct)">0xca60</field>
    <field name="ip.src">207.68.173.249</field>
    <field name="ip.addr">207.68.173.249</field>
    <field name="ip.dst">10.0.0.5</field>
    <field name="ip.addr">10.0.0.5</field>
  </protocol>
  <protocol name="tcp" label="Transmission Control Protocol, Src Port: 80 (80), Dst Port: 2657 (2657), Seq: 224189374, Ack: 2303489682, Len: 644">
    <field name="tcp.srcport" label="Source port: 80 (80)">80</field>
    <field name="tcp.dstport" label="Destination port: 2657 (2657)">2657</field>
    <field name="tcp.port">80</field>
    <field name="tcp.port">2657</field>
    <field name="tcp.len">644</field>
    <field name="tcp.seq">224189374</field>
    <field name="tcp.nxtseq">224190018</field>
    <field name="tcp.ack">2303489682</field>
    <field name="tcp.hdr_len" label="Header length: 20 bytes">20</field>
    <field name="tcp.flags" label="Flags: 0x0018 (PSH, ACK)">
      <field name="tcp.flags.cwr">0</field>
      <field name="tcp.flags.ecn">0</field>
      <field name="tcp.flags.urg">0</field>
      <field name="tcp.flags.ack">1</field>
      <field name="tcp.flags.push">1</field>
      <field name="tcp.flags.reset">0</field>
      <field name="tcp.flags.syn">0</field>
      <field name="tcp.flags.fin">0</field>
    </field>
    <field name="tcp.window_size">17277</field>
    <field name="tcp.checksum" label="Checksum: 0x09f3 (correct)">0x09f3</field>
  </protocol>
  <protocol name="http">
    <text label="HTTP/1.1 302 Object moved\r\n">
      <field name="http.response.code">302</field>
    </text>
    <text label="Server: Microsoft-IIS/5.0\r\n"/>
    <text label="Date: Wed, 17 Sep 2003 15:12:38 GMT\r\n"/>
    <text label="P3P: CP=&quot;BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo&quot;\r\n"/>
    <text label="Connection: close\r\n"/>
    <text label="Location: http://messenger.msn.com/tabs/tabxml.asp?Plcid=0409&amp;Version=4.7&amp;CLCID=0409&amp;BrandID=WindowsMessenger&amp;Country=US&amp;Other=\r\n"/>
    <text label="Content-Length: 238\r\n"/>
    <text label="Content-Type: text/html\r\n"/>
    <text label="Expires: Wed, 17 Sep 2003 15:12:38 GMT\r\n"/>
    <text label="Cache-control: private\r\n"/>
    <text label="\r\n"/>
    <field name="http.response">1</field>
    <protocol name="data" label="Data (238 bytes)"/>
    <hexdump>0000  3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a   &lt;head&gt;&lt;title&gt;Obj</hexdump>
    <hexdump>0010  65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65   ect moved&lt;/title</hexdump>
    <hexdump>0020  3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c   &gt;&lt;/head&gt;.&lt;body&gt;&lt;</hexdump>
    <hexdump>0030  68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c   h1&gt;Object Moved&lt;</hexdump>
    <hexdump>0040  2f 68 31 3e 54 68 69 73 20 6f 62 6a 65 63 74 20   /h1&gt;This object </hexdump>
    <hexdump>0050  6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20   may be found &lt;a </hexdump>
    <hexdump>0060  48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 6d 65 73   HREF="http://mes</hexdump>
    <hexdump>0070  73 65 6e 67 65 72 2e 6d 73 6e 2e 63 6f 6d 2f 74   senger.msn.com/t</hexdump>
    <hexdump>0080  61 62 73 2f 74 61 62 78 6d 6c 2e 61 73 70 3f 50   abs/tabxml.asp?P</hexdump>
    <hexdump>0090  6c 63 69 64 3d 30 34 30 39 26 56 65 72 73 69 6f   lcid=0409&amp;Versio</hexdump>
    <hexdump>00a0  6e 3d 34 2e 37 26 43 4c 43 49 44 3d 30 34 30 39   n=4.7&amp;CLCID=0409</hexdump>
    <hexdump>00b0  26 42 72 61 6e 64 49 44 3d 57 69 6e 64 6f 77 73   &amp;BrandID=Windows</hexdump>
    <hexdump>00c0  4d 65 73 73 65 6e 67 65 72 26 43 6f 75 6e 74 72   Messenger&amp;Countr</hexdump>
    <hexdump>00d0  79 3d 55 53 26 4f 74 68 65 72 3d 22 3e 68 65 72   y=US&amp;Other="&gt;her</hexdump>
    <hexdump>00e0  65 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 0a         e&lt;/a&gt;.&lt;/body&gt;.</hexdump>
  </protocol>
</ethereal-frame>
</ethereal-capture-file>
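
Added example (not part of the original message, and not Ethereal code): a Python reader for the element set proposed above, showing two things a consumer of this format has to handle: field names that repeat within a frame (eth.addr), and hexdump lines that arrive as printout text and must be turned back into bytes. The names SAMPLE, hexdump_bytes and parse_capture are hypothetical, the input is a constructed cut-down frame, and rejecting DOCTYPE is an assumption based on the sample carrying no DTD.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: a cut-down frame using the element set from the attachment.
SAMPLE = r"""<?xml version="1.0"?>
<ethereal-capture-file><ethereal-frame>
  <protocol name="eth">
    <field name="eth.addr">00:09:6b:88:f5:c9</field>
    <field name="eth.addr">00:e0:81:00:b0:28</field>
  </protocol>
  <protocol name="ip">
    <field name="ip.flags"><field name="ip.flags.df">1</field></field>
  </protocol>
  <protocol name="http">
    <text label="HTTP/1.1 302 Object moved\r\n"/>
    <hexdump>0000  3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a   &lt;head&gt;&lt;title&gt;Obj</hexdump>
    <hexdump>0010  65 63 74 0a                                       ect.</hexdump>
  </protocol>
</ethereal-frame></ethereal-capture-file>"""

HEXLINE = re.compile(r"([0-9a-f]{4})  ((?:[0-9a-f]{2} ?)+)")

def hexdump_bytes(lines):
    """Rebuild raw bytes from printout-style hexdump lines, checking offsets."""
    out = b""
    for line in lines:
        m = HEXLINE.match(line or "")
        if not m or int(m.group(1), 16) != len(out):
            raise ValueError(f"bad or out-of-order hexdump line: {line!r}")
        out += bytes.fromhex(m.group(2))
    return out

def parse_capture(xml_text):
    """Return one {'fields', 'labels', 'payload'} dict per ethereal-frame."""
    if "<!DOCTYPE" in xml_text:  # assumption: the format defines no DTD, so refuse one
        raise ValueError("DOCTYPE not allowed")
    root = ET.fromstring(xml_text)
    frames = []
    for frame in root.iter("ethereal-frame"):
        fields = defaultdict(list)  # names repeat (eth.addr), so keep every value
        for f in frame.iter("field"):
            value = (f.text or "").strip()
            if value:  # container fields such as ip.flags carry no value of their own
                fields[f.get("name")].append(value)
        labels = [t.get("label") for t in frame.iter("text")]
        payload = hexdump_bytes(h.text for h in frame.iter("hexdump"))
        frames.append({"fields": dict(fields), "labels": labels, "payload": payload})
    return frames
```

The hex column is read up to the first double space, so bytes that happen to look like hex digits in the ASCII column are never picked up.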