Ethereal-dev: RE: [Ethereal-dev] RFC: Print as XML

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Fulvio Risso" <fulvio.risso@xxxxxxxxx>
Date: Wed, 24 Sep 2003 09:04:00 +0200
Hi.
Some comments.

1. The syntax defined in Analyzer is more complete (i.e. it has more info
than the one you're proposing, like the position into the packet, the length
of the field). That's just because it has been defined some months ago.

2. There's no way to know if the value of a given field is formatted in hex,
bin, dec, ascii... (analyzer uses the syntax defined into another XML file,
the NetPDL one).

3. Although a field named "eth.dst" makes sense, this field is contained
into a protocol that is called "eth". So, it should be enough calling it
"dst".

4. The Hexdump, although it makes sense, can be obtained by "appending"
the content of each field one after the other.

5. The 'general' syntax looks similar, so there is space for collaborations
in there.

What we can do, if you agree, is to define a general format for generating
the complete decoding of the packet, in XML.
If you're interested in that, we may move our discussions out of the mlist.

Currently, we're using the PDML (the one you can find in attachment) for
generating the views into Analyzer. In other words, a library creates the
PDML file, then Analyzer reads this file and it uses the info contained in
it to generate the 'treeview' and 'dumpview' of the captured packet.

	fulvio


> -----Original Message-----
> From: ethereal-dev-bounces@xxxxxxxxxxxx
> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx]On Behalf Of Gilbert Ramirez
> Sent: Tuesday, 23 September 2003 16.40
> To: Biot Olivier
> Cc: Ethereal Development
> Subject: RE: [Ethereal-dev] RFC: Print as XML
>
>
> On Tue, 2003-09-23 at 03:56, Biot Olivier wrote:
> > And why don't you provide the field type and base at the same time?
> >
> > <node name="frame">
> >   <field name="frame.marked" type="FT_BOOLEAN" base="BASE_NONE">0</field>
> > </node>
>
> I thought about that but thought it would be too repetitive.
>
> >
> > Or you could use XML namespaces (one global or one for every "protocol")
> > allowing a very flexible XML grammar. Probably we will require the XML
> > descriptions to be available both on the Ethereal web site and locally on
> > the machine where Ethereal is running.
>
> Will XML namespaces allow me to define type "type" and "base" for each
> field, only once? That would be great. I'll start reading about XML
> namespaces.
>
> > I don't think it is complicated to generate XML definitions for per-protocol
> > field names, as we already do this when we generate "register.c"...
>
> Yes, it will be easy. I'd just create a script to parse the output of
> "[t]ethereal -G".
>
>
> Attached is what I have come up with so far, after the first round of
> suggestions. I have the following elements:
>
> ethereal-capture-file
> ethereal-frame
> protocol
> field
> text
> hexdump
>
> Field names and protocol names are given in the "name" attribute.
> Any time a field was created with a *_format() function, i.e., a special
> label was put on the protocol tree, it is included in the XML with a
> "label" attribute. "text" elements always have a "label" attribute, and
> no data between element tags.
>
> I didn't know what to do with the hexdump data, so for now I just
> threw it in as it appears in a printout.
>
> --gilbert
>
<?xml version="1.0" encoding="utf-8" ?>
<pdml>
  <packet>
    <proto name="geninfo" pos="1" showname="General information" size="62">
      <field name="num" pos="1" show="1" showname="Number" size="62" value="1"/>
      <field name="len" pos="1" show="62" showname="Packet Length" size="62" value="62"/>
      <field name="caplen" pos="1" show="62" showname="Captured Length" size="62" value="62"/>
      <field name="timestamp" pos="1" show="11:09:39.066583" showname="Captured Time" size="62" value="1063098579.066583"/>
    </proto>
    <proto name="Ethernet" pos="1" showname="Ethernet 802.3" size="14">
      <field name="dst" pos="1" show="00805F-D60996" showdtl="00805F-D60996 Unicast address (Vendor Compaq Computer Corporation)" showmap="Compaq Computer Corporation" showname="MAC Destination" size="6" value="00805FD60996"/>
      <field name="src" pos="7" show="00022D-80E02E" showdtl="00022D-80E02E Unicast address (Vendor code not available)" showmap="code not available" showname="MAC Source" size="6" value="00022D80E02E"/>
      <field name="type-length" pos="13" show="0x0800" showmap="Ethertype" showname="Ethertype - Length" size="2" value="0800"/>
    </proto>
    <proto name="IP" pos="15" showname="IPv4 (Internet Protocol version 4)" size="20">
      <field name="verhlen" pos="15" show="0x45" showname="Version and header Length" size="1" value="45">
        <field mask="F0" name="ver" pos="15" show="4" showname="Version" size="1" value="4"/>
        <field mask="0F" name="hlen" pos="15" show="5" showdtl="20 (field value = 5)" showname="Header length" size="1" value="5"/>
      </field>
      <field name="tos" pos="16" show="0x00" showname="Type of service" size="1" value="00"/>
      <field name="tlen" pos="17" show="48" showname="Total length" size="2" value="0030"/>
      <field name="identification" pos="19" show="199" showname=" Identification" size="2" value="00C7"/>
      <field name="ffo" pos="21" show="0x4000" showname="Flags and Fragment offset" size="2" value="4000">
        <field mask="8000" name="unused" pos="21" show="0b0..............." showname="Unused" size="2" value="0"/>
        <field mask="4000" name="df" pos="21" show="0b.1.............." showname="Don't fragment" size="2" value="1"/>
        <field mask="2000" name="mf" pos="21" show="0b..0............." showname="More fragments" size="2" value="0"/>
        <field mask="1FFF" name="foffset" pos="21" show="0" showdtl="0 (field value = 0)" showname="Fragment offset" size="2" value="0"/>
      </field>
      <field name="ttl" pos="23" show="128" showname="Time to live" size="1" value="80"/>
      <field name="nextp" pos="24" show="6" showname="Next protocol" size="1" value="06"/>
      <field name="hchecksum" pos="25" show="0x75C3" showname="Header Checksum" size="2" value="75C3"/>
      <field name="src" pos="27" show="192.168.1.134" showname="Source address" size="4" value="C0A80186"/>
      <field name="dst" pos="31" show="192.168.1.103" showname="Destination address" size="4" value="C0A80167"/>
    </proto>
    <proto name="TCP" pos="35" showname="TCP (Transmission Control protocol)" size="28">
      <field name="sPort" pos="35" show="1869" showname="Source port" size="2" value="074D"/>
      <field name="dPort" pos="37" show="2002" showname="Destination port" size="2" value="07D2"/>
      <field name="seq" pos="39" show="1923209945" showname="Sequence number" size="4" value="72A1DAD9"/>
      <field name="ack" pos="43" show="0" showname="Acknowledgement Number" size="4" value="00000000"/>
      <field name="flags" pos="47" show="0x7002" showname="Flags" size="2" value="7002">
        <field mask="F000" name="hlen" pos="47" show="7" showdtl="28 (field value = 7)" showname="Header length" size="2" value="7"/>
        <field mask="0FC0" name="res" pos="47" show="0b....000000......" showname="Reserved (must be zero)" size="2" value="0"/>
        <field mask="0020" name="urgf" pos="47" show="0b..........0....." showname="Urgent pointer" size="2" value="0"/>
        <field mask="0010" name="ackf" pos="47" show="0b...........0...." showname="Ack valid" size="2" value="0"/>
        <field mask="0008" name="pushf" pos="47" show="0b............0..." showname="Push requested" size="2" value="0"/>
        <field mask="0004" name="rstf" pos="47" show="0b.............0.." showname="Reset requested" size="2" value="0"/>
        <field mask="0002" name="synf" pos="47" show="0b..............1." showname="Syn requested" size="2" value="1"/>
        <field mask="0001" name="finf" pos="47" show="0b...............0" showname="Fin requested" size="2" value="0"/>
      </field>
      <field name="win" pos="49" show="16384" showname="Window size" size="2" value="4000"/>
      <field name="crc" pos="51" show="0x630F" showname="Checksum" size="2" value="630F"/>
      <field name="urg" pos="53" show="0x0000" showname="Urgent Pointer" size="2" value="0000"/>
      <field name="options" pos="55" showname="TCP Options" size="8">
        <field name="mss" pos="55" showname="Maximum Segment Size" size="4">
          <field name="kind" pos="55" show="2" showname="Type" size="1" value="02"/>
          <field name="Length" pos="56" show="4" showname="Option length" size="1" value="04"/>
          <field name="max seg size" pos="57" show="1260" showname="maximum segment size" size="2" value="04EC"/>
        </field>
        <field name="nop" pos="59" showname="No Operation" size="1">
          <field name="kind" pos="59" show="1" showname="Type" size="1" value="01"/>
        </field>
        <field name="nop" pos="60" showname="No Operation" size="1">
          <field name="kind" pos="60" show="1" showname="Type" size="1" value="01"/>
        </field>
        <field name="spo" pos="61" showname="Sack-Permitted Option" size="2">
          <field name="kind" pos="61" show="4" showname="Type" size="1" value="04"/>
          <field name="Length" pos="62" show="2" showname="Option Length" size="1" value="02"/>
        </field>
      </field>
    </proto>
  </packet>
</pdml>
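
Added example (not part of the original thread, nor Ethereal or Analyzer code): point 4 of the reply, rebuilding the raw bytes by placing each field's "value" at its "pos"/"size", run over a trimmed copy of the PDML attachment above, with checks for overlapping or inconsistent fields and a report of uncovered positions. It assumes "pos" is 1-based, that "geninfo" carries capture metadata rather than packet bytes, and that fields with a "mask" repeat bits of their parent; rebuild and total_len are names chosen here.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the attachment above (display attributes dropped).
PDML = """<pdml><packet>
  <proto name="geninfo" pos="1" size="62">
    <field name="len" pos="1" size="62" value="62"/>
  </proto>
  <proto name="Ethernet" pos="1" size="14">
    <field name="dst" pos="1" size="6" value="00805FD60996"/>
    <field name="src" pos="7" size="6" value="00022D80E02E"/>
    <field name="type-length" pos="13" size="2" value="0800"/>
  </proto>
  <proto name="IP" pos="15" size="20">
    <field name="verhlen" pos="15" size="1" value="45">
      <field mask="F0" name="ver" pos="15" size="1" value="4"/>
      <field mask="0F" name="hlen" pos="15" size="1" value="5"/>
    </field>
    <field name="tos" pos="16" size="1" value="00"/>
  </proto>
</packet></pdml>"""

def rebuild(pdml_text, total_len):
    """Return (packet bytes, sorted list of uncovered 1-based positions)."""
    buf = bytearray(total_len)
    covered = [False] * total_len
    packet = ET.fromstring(pdml_text).find("packet")
    for proto in packet.findall("proto"):
        if proto.get("name") == "geninfo":  # assumption: metadata, not packet bytes
            continue
        for f in proto.iter("field"):
            value = f.get("value")
            # Containers carry no value; masked children repeat bits of the parent.
            if value is None or f.get("mask") is not None:
                continue
            pos, size = int(f.get("pos")), int(f.get("size"))
            raw = bytes.fromhex(value)  # raises ValueError on non-hex input
            if len(raw) != size or pos < 1 or pos - 1 + size > total_len:
                raise ValueError(f"field {f.get('name')!r}: value/size/pos mismatch")
            if any(covered[pos - 1:pos - 1 + size]):
                raise ValueError(f"field {f.get('name')!r}: overlaps an earlier field")
            buf[pos - 1:pos - 1 + size] = raw
            covered[pos - 1:pos - 1 + size] = [True] * size
    gaps = [i + 1 for i, c in enumerate(covered) if not c]
    return bytes(buf), gaps

packet_bytes, gaps = rebuild(PDML, 18)
print(packet_bytes.hex(), "uncovered positions:", gaps)
```

The gap list is what tells a consumer whether the field tree really accounts for every captured byte; a non-empty list means a separate hexdump element would still carry information the fields do not.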