Ethereal-dev: [Ethereal-dev] Re: The Thing: ethereal configurable tracing fields
Hi:
A few last-minute patches:
- I fixed a bug in loose_match that advanced in both the src and the op
avpl while it had to advance just the src.
- I added the Settings AVPL to the config (it used to be just for debugging)
- I fixed a huge AVP leak
On Sun, 14 Nov 2004 04:28:12 +0100, LEGO <luis.ontanon@xxxxxxxxx> wrote:
> Hi,
>
> I'm proud to submit my latest work. "The Thing" is a tracing facility
> that enables ethereal to filter packets based on fields from other
> related fields.
>
> The Thing is somehow described in http://wiki.ethereal.com/Thing anyway,
> I'm available to answer any sort of doubts people might have about the Thing.
>
> The main purpose for which I started to write this was to filter with a simple
> expression all the packets from different protocols related to calls of a
> certain user. As I went through the design and coding of this module I noticed
> that just tracing calls using a specific and limited set of protocols was
> little compared with what I could have achieved with a little more work (BTW.
> it turned out to be a lot more).
>
> The final result is an all-purpose tracing facility that can be instructed on
> what and how to trace sessions and transactions using (I believe) any field
> coming from any protocol ethereal already dissects. Although instructing the
> tracing facility on how to trace is not simple, its potential is huge. Some
> example configuration files are provided.
>
> The thing needs a lot more work to be done (thing.TODO) before it becomes
> production code. The way I fit it into ethereal is a fortune job, that is
> I worked on that just enough to unblock me and move to the application. I
> think most of the field import work should be done directly in proto.c but
> again I do not know ethereal's internals that well to be able to tell for
> sure. I think that someone that knows well how ethereal works should be able
> to do a much better job in not much time.
>
> I plan to be working on some parts that are in the code but not yet fully
> functional, or not functional at all. I planned to release it as soon as I
> would have filtered all RAS packets related to a call based on the calling
> number (which they do not have). I did that last night. So today I'm releasing
> the code.
>
> The tarball contains:
>
> code:
> epan/thing.c - the thing itself
> epan/thing.h
> epan/thing_util.c - the AVP library and other stuff not strictly part
> of the thing itself
> epan/thing_util.h
> epan/dissectors/packet-thing.c - what dissects the past and future of
> a packet :-)
>
> the patches to epan/Makefile.common and epan/dissectors/Makefile.common
>
> example.thing - a very simple configuration for the thing for ISUP, Q931 and RAS
>
> and two horrible patches, one to file.c and the other to epan/packet.c,
> that allow the thing to run in ethereal but in a very limited way.
> These should be rewritten, not committed!!!
>
> Before getting into this, it had been many years since I had written more than
> five consecutive lines of C. Adding to that, ethereal's internal mechanics are
> not simple; it took me weeks to figure out how to get this into the picture.
> So I beg you all for patience in helping me fix and understand the mistakes
> I've made in writing this module.
>
> I beg everyone in the ethereal community to help me improve this facility
> with their experience and their patience. I know for sure that there are
> several things that can and others that have to be improved (tracing.TODO).
> Other than that, as I'm not good with documentation, I hope someone will help
> us all by writing a user's manual for this module. I'm obviously available for any
> clarifications in regard to the operation of the tracing facility.
>
> Best Regards,
> Luis E. Garcia Ontanon
Attachment:
thing.c.patch
Description: Binary data
Attachment:
thing_util.c.patch
Description: Binary data
Attachment:
thing.h.patch
Description: Binary data