Kojak wrote:
>
> > > I've updated and extended the ICQ decoder a lot further. Included in
> > > this message is the diff, I hope it can be applied...
> > Done (except for the additional TCP port number; we really need to add
> > the ability to specify "dissect port XXX as YYY" at run time...).
>
> I'm all in for that. I need to set TCP port numbers at runtime, 'cause
> ICQ tends to allocate these on the fly. It publishes them in the UDP
> traffic.
>
> I'll postpone adding TCP client-client connections until there is a way
> to dynamically 'allocate' port numbers.

A thought on this discussion -- perhaps part of the eventual changes for
this should be:

Very sketchy pseudocode below... Assuming tcp only for below, extend
registration/check routines in the obvious manners to register protocol
specific dynamic ports.

    if ( port == blah ) ...
    elsif ( conversation->default_proto non null ) { process as that proto }
    elsif ( port matches a dynamic port )
    {
        foreach dynamic protocol/port registration
        {
            proto = default_data;
            if ( *(dynamic_port_check_routine)(pd,offset) )
            {
                proto = this_proto;
            }
            else if ( no port check routine ) - should only be one of these per port
            {
                proto = that_proto;
            }
            conversation->default_proto = proto;
        }
    }

Basically, this could allow you to do something along the lines of:

    check_if_http() { if packet begins with GET, PUT, POST, etc. return true }
    check_if_my_proto() .. some other check ..
    check_if_my_proto_that_occaisonally_runs_on_80()

    assign_dynamic_port(8080, proto_http, check_if_http);
    assign_dynamic_port(8080, proto_special, check_if_my_proto);
    assign_dynamic_port(80, proto_my_80_proto, check_if_my_proto_that...);
    assign_dynamic_port(80, proto_http, NULL); /* fall back regardless to http */

This would allow both dynamic assignment of ports to given protocols,
but would also allow for multiple protocols to be run on given ports.

A possible extension to this could be

    assign_dynamic_port(0, proto_http, check_if_http);

Which would have the effect of checking any other previously
unidentified protocol using the check routine, and falling back to that.
This way, ethereal could spot an http/pop/etc. transaction running on
any port, even if it didn't know about the port ahead of time.

Something like this could be done as a final fallback that processed
everything as 'data' if no other dynamic were detected.

    assign_dynamic_port(0, proto_data, NULL);

Anyway, these were just some ideas I thought I'd toss out.

-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@xxxxxxx
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
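
The registration scheme sketched in the message above, worked through as an added example in C; it is not part of the original post and is not Ethereal code. The names assign_dynamic_port and check_if_http follow the pseudocode, while the enum, the structs, the len argument, classify(), scan() and check_if_special() (a constructed two-byte magic check standing in for check_if_my_proto) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

enum proto { PROTO_NONE, PROTO_DATA, PROTO_HTTP, PROTO_SPECIAL };
typedef int (*check_fn)(const unsigned char *pd, size_t len);
struct reg { unsigned port; enum proto proto; check_fn check; };
struct conversation { enum proto default_proto; };  /* PROTO_NONE = undecided */
static struct reg regs[16]; static size_t nregs;

/* port 0 = any port; check == NULL = unconditional fallback for that port */
int assign_dynamic_port(unsigned port, enum proto p, check_fn check) {
    if (nregs == sizeof regs / sizeof *regs) return -1;
    regs[nregs++] = (struct reg){ port, p, check };
    return 0;
}

/* Length-checked so a short segment is never read past its end. */
int check_if_http(const unsigned char *pd, size_t len) {
    static const char *const m[] = { "GET ", "PUT ", "POST ", "HEAD " };
    for (size_t i = 0; i < sizeof m / sizeof *m; i++) {
        size_t n = strlen(m[i]);
        if (len >= n && memcmp(pd, m[i], n) == 0) return 1;
    }
    return 0;
}

/* Constructed stand-in for check_if_my_proto: a two-byte magic value. */
int check_if_special(const unsigned char *pd, size_t len) {
    return len >= 2 && pd[0] == 0xCA && pd[1] == 0xFE;
}

/* First matching check routine wins; else the port's NULL-check entry. */
static enum proto scan(unsigned port, const unsigned char *pd, size_t len) {
    enum proto fallback = PROTO_NONE;
    for (size_t i = 0; i < nregs; i++) {
        if (regs[i].port != port) continue;
        if (regs[i].check && regs[i].check(pd, len)) return regs[i].proto;
        if (!regs[i].check && fallback == PROTO_NONE) fallback = regs[i].proto;
    }
    return fallback;
}

enum proto classify(struct conversation *c, unsigned port,
                    const unsigned char *pd, size_t len) {
    if (c->default_proto != PROTO_NONE) return c->default_proto; /* cached */
    enum proto p = scan(port, pd, len);
    if (p == PROTO_NONE) p = scan(0, pd, len);      /* any-port registrations */
    if (p == PROTO_NONE) p = PROTO_DATA;
    return c->default_proto = p;
}
```

Because the verdict is cached in the conversation, the first payload seen decides how every later segment of that conversation is dissected, so a capture that starts mid-stream can be pinned to the fallback protocol.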