
Wireshark-dev: [Wireshark-dev] After a long hiatus my XDR to dissector code can actually genera

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Sat, 24 Dec 2016 11:36:10 -0800
Hi folks,

I have pushed some initial code to here:
https://gitlab.com/realrichardsharpe/wireshark_rpcgen

This code is based on the stand-alone rpcgen in Illumos.

It can now handle all of RFC1832, I believe, but it is fairly
rudimentary in the following sense:

1. It does not do anything special with file handles, dates and times,
mode fields etc.
2. The names it uses are straight out of the XDR file so they look pretty ugly.
3. It probably does not handle cases where an XDR file uses types
defined in another XDR file.

However, it can create a dissector for NFSv3 but I had to do a lot to
hack it into Wireshark, which brings up another topic.

Currently, all of the XDR-based protocols handled by Wireshark seem to
use hand-generated dissectors, which are, IMO, problematic:

1. They have their own infrastructure (the rpc_xxx routines)
2. They dissect stuff in a way that produces reasonably nice results
but don't reflect some aspects of the XDR.
3. They require quite a bit of knowledge to write, which is an
impediment to companies that use XDR-based protocols, especially when
the XDR is changing.

For these reasons, I will continue working on the dissector generator
to try to improve it considerably.

Improvements I have in mind are:

1. Make it handle XDR files that include other definitions (i.e.,
multi-file proto specs).
2. Provide a way to have more friendly names, probably with some sort
of extras file that specifies translations and actions for some
fields.
3. Hook into, or provide infrastructure similar to the existing
dissectors for XDR-based RPC protocols.

The code also needs cleaning up and all the debug stuff needs
switching off in the normal case. It currently inserts C++ comments to
help figure out issues, but these should be off by default.

Attached is a partial screen shot showing something of what it looks like.

I am making it available now because years ago I wrote some Perl code
to generate the SMB dissector but never made it available. That was a
mistake. This time around I don't want to make that mistake.

I welcome suggestions and code donations.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)

Attachment: wireshark-dissector-generator-1.PNG
Description: PNG image
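As an added illustration of the RFC 1832 decoding rules that a generated dissector has to implement (example code written for this page, not part of the mail or of the wireshark_rpcgen project), here is a small Python decoder driven by a schema list of the kind such a generator could emit. The struct layout, field names and sample bytes are constructed for the example; the decoder records each field's offset and length, as a dissector does, and refuses truncated input instead of reading past the buffer.

```python
import struct

# Hypothetical XDR struct used for the sample:
#   struct entry { unsigned int fid; unsigned hyper size; opaque data<>; string name<>; };
# RFC 1832 rules: big-endian, every item padded to a 4-byte boundary,
# variable-length opaque/string carry a 4-byte length prefix plus pad bytes.

def encode_opaque(b: bytes) -> bytes:
    """Encode variable-length opaque data (length word, bytes, zero pad to 4)."""
    pad = (-len(b)) % 4
    return struct.pack(">I", len(b)) + b + b"\x00" * pad

# Constructed sample message, 32 bytes in total.
SAMPLE = (
    struct.pack(">I", 7)                    # fid
    + struct.pack(">Q", 1 << 33)            # size (unsigned hyper = 8 bytes)
    + encode_opaque(b"\x01\x02\x03")        # 3 payload bytes + 1 pad byte
    + encode_opaque(b"file.txt")            # 8 bytes, no pad needed
)

# Schema as a generator would derive it from the XDR: (field name, XDR type).
SCHEMA = [("fid", "unsigned int"), ("size", "unsigned hyper"),
          ("data", "opaque<>"), ("name", "string<>")]

class XdrDecoder:
    def __init__(self, buf: bytes):
        self.buf, self.off = buf, 0
    def _take(self, n: int) -> bytes:
        if self.off + n > len(self.buf):
            raise ValueError(f"truncated at offset {self.off}: need {n} bytes")
        chunk = self.buf[self.off:self.off + n]
        self.off += n
        return chunk
    def unsigned_int(self): return struct.unpack(">I", self._take(4))[0]
    def unsigned_hyper(self): return struct.unpack(">Q", self._take(8))[0]
    def opaque(self):
        n = self.unsigned_int()
        data = self._take(n)
        self._take((-n) % 4)          # consume pad bytes so alignment is kept
        return data
    def string(self): return self.opaque().decode("ascii")

def dissect(buf: bytes, schema):
    """Return [(name, offset, length, value)] for each schema field."""
    d, fields = XdrDecoder(buf), []
    for name, typ in schema:
        start = d.off
        value = getattr(d, typ.replace("<>", "").replace(" ", "_"))()
        fields.append((name, start, d.off - start, value))
    if d.off != len(buf):
        raise ValueError(f"{len(buf) - d.off} trailing bytes")
    return fields

def check(buf: bytes, schema):
    """Dissect and report (fields, error) instead of raising."""
    try:
        return dissect(buf, schema), None
    except ValueError as e:
        return None, str(e)
```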