On Wed, 14 Oct 1998, Simon Wilkinson wrote:
> I've added support for decoding AARP and ELAP encapsulated DDP packets
> to ethereal. I'm intending on extending this to include some of the
> other Appletalk protocols (especially NBP, as thats the traffic I
> actually *need* to look at...)
What a coincididence -- someone wrote in yesterday asking for AppleTalk
support. I even went so far as to download the "Inside AppleTalk"
.pdf from Apple's site to see what it would entail.
> Are the any guidelines on source code formatting, variable naming and
> the like that I should be aware of if the changes are to make it into
> the tree with the minimum of fuss? Also - where should I submit a
> fairly large patch to - this list, gerald, or is it possible to get
> write access to the CVS repository?
There aren't any formal guidelines at the present time. Most of the
current packet handling modules have these features in common:
- The entry routine(s) are named dissect_xxx(). Network (and above)
layer routines take one more argument than their data link layer
counterparts.
- Each entry routine to checks for invalid data, and calls the
appropriate next-layer routine. If there is no next-layer routine,
dissect_data() is called.
- Entry routines are currently called from three different places in
the program: when the packet list is built, each time a packet is
selected and a tree is built, and when a packet is printed. Packet
list column data is generated by copying into the frame_data struct's
win_info character array. The tree is built using the add_subtree()
and add_item_to_tree() convenience routines. The printing routines
use the same data structures as the tree list routines, so no extra
code is needed.
- For each unique add_subtree() call, you should add a corresponding
ETT_xxx entry to packet.h. This lets tree branches retain their
open/closed state between packet list selections. (Guy just
contributed a patch to change the ETT_xxx #defines to enums, BTW.)
- There are several convenience functions for dissection routines:
pntoh[sl] and pletoh[sl] are macros that grab multi-byte ints
from the packet data array in an alignment-safe manner. pntoh[sl]
grabs network-order short and long ints, and pletoh[sl] grabs little
endian ints.
END_OF_FRAME calculates the bytes remaining in the current frame
from the current offset.
ether_to_str() and ip_to_str() convert bytes in the packet data
array to ethernet and IP addresses.
match_strval compares a given integer to a list of inter-string pairs.
It returns a matching string pointer on success, or NULL on failure.
Sending patches to the list would probably be preferred, since it
allows anyone on the list to check out the code. When someone sends
in lots of patches it means extra work for me, so I typically give them
CVS access. :)
> Also, is there any work being done in the graphing side of things? I
> may have some code that could be of use.
As far as I know, nobody has been working on this. Guy suggested a
while back that scripting support should be added, and to make graphs
script-generated.
---------------------------------------------------------------------------
***** ***** Gerald Combs gerald@xxxxxxxxxx
*** *** Long-haired freak http://www.unicom.net
* * Unicom Communications, Inc. (913)327-5309
***** 7223 W. 95th St., Ste 325 (913)327-5376 Fax
*** Overland Park, KS 66212 (913)327-5375 Client Support
*
---------------------------------------------------------------------------
