Ethereal-dev: Re: [Ethereal-dev] Design question about multiple-packet packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Wed, 22 Jan 2003 19:26:57 +0100
Hi,

SCTP (packet-sctp.c) often has multiple uppler layer information
within one packet. I'm coding the upper layer in a way that the stuff
in the INFO columns is appended. However, the protocol column is a
problem. The entry shown corresponds to the highest layer of the
last DATA chunk. The point is that often one SCTP packet contains
multiple different upper layers. I have not found a good way yet to
deal with it.

Best regards
Michael
On Wednesday, Jan 22, 2003, at 15:55 Europe/Berlin, William Mulvihill wrote: 


Hi,
First off, I'm extremely happy with the power and simplicity of making dissectors and plugins with Ethereal. It has been very simple to get into the API and work with it. A big thanks to all the developers.
My question is this. I've got a protocol where each packets payload (after IP headers, UDP headers, and the protocols headers) can contain any of 86 different packet types. On top of that, each payload can contain multiple instances of different packet types. So you've got: 

Internet Headers (Ethernet, IP, UDP, etc) ->
	Protocol Headers ->
		payload ->
			packet type #34
			packet type #56
			etc. etc.
Now due to the ease of the Ethereal API, I've been able to easily interpret all these packets in the protocol and display the packet types in the Column INFO. That is nice, but it would be lovely if I could have every single packet within the packet interpreted fully (like down in the middle pane in the tree). Now each packet type has its own fields, as many as 70-80 per packet type (a lot of tedious work, but worth it). So I've got a growing list of hf_proto_fieldname declarations.
What I humbly ask this community is how do I interpret each one of those packet types inside the packet without having a list of hf_proto_fieldname1, hf_proto_fieldname2 going up to the maximum number of packets in the packet. I'm already leaning towards having a tree for every packet (so like Packet 1, Packet 2, etc are each their own tree that have their own fully interpreted packets). But if I reuse the hf_proto_fieldnames for each tree (each packet within the packet), aren't I going to get in trouble somewhere down the road?
I have a half-formed idea about arrays or something like that, but I'm not sure that would help. Has anyone done anything similar? You could point me to a packet-xxx.c for an example of how someone dealt with that. Thank you very much. 

-Will Mulvihill

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev