Simple ASN1 based dissector
foo.tar.gz: all seven files as a gzipped foo directory (suitable for unpacking in the wireshark/asn1 directory)
============================= README ===================================
FOO protocol dissector
----------------------
This trivial dissector is an example for the struggling dissector developer (me included)
of how to create a dissector for a protocol that is encapsulated in UDP packets
on a specific port, and whose packet data is ASN.1 PER encoded.
The thing that took me a while to figure out was that in order to see my packet
dissected on the detail pane, I had to:
1. Tell the compiler which block in the ASN1 definition is a PDU definition by adding
FOO-MESSAGE under the #.PDU directive in the foo.cnf file
2. Add a call to dissect_FOO_MESSAGE_PDU() function in the dissect_foo() function in the
packet-foo-template.c file.
To build and test it:
1. in the foo directory, run make
2. run make copy_files
3. add packet-foo.c and packet-foo.h to epan/dissectors/Makefile.common
4. run top level make
CAVEAT: Makefile.nmake was not tested.
You can take it from here :-)
--00--
============================= foo.asn ===================================
-- FOO PROTOCOL
--
-- FOO-PROTOCOL: the one PDU (FOO-MESSAGE) that the generated dissector
-- decodes.  The wire encoding is PER (see README and packet-per.h in the
-- template); this module only fixes the abstract syntax.
FOO-PROTOCOL DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
-- General definitions
-- Both identifiers are constrained to 16 bits.  In PER a constrained
-- integer of this range is encoded without a length determinant, so the
-- decoder reads a fixed-size field for each.
MessageId ::= INTEGER (0..65535)
FlowId ::= INTEGER (0..65535)
-- Fixed-size payload: exactly 10 octets per field.  PER carries no length
-- for a fixed SIZE constraint, so anything longer or shorter is a decode error,
-- not a variable-length read.
MessageData ::= SEQUENCE {
name OCTET STRING(SIZE(10)),
value OCTET STRING(SIZE(10))
}
-- The PDU.  It is listed under #.PDU in foo.cnf, which is what makes asn2wrs
-- emit the dissect_FOO_MESSAGE_PDU() entry point called from dissect_foo().
FOO-MESSAGE ::= SEQUENCE {
messageId MessageId,
flowId FlowId,
messageData MessageData
}
END
============================= foo.cnf ===================================
# foo.cnf
# FOO conformance file
# $Id$
#.MODULE_IMPORT
#.EXPORTS
#.PDU
FOO-MESSAGE
#.NO_EMIT
#.TYPE_RENAME
#.FIELD_RENAME
#.END
============================= packet-foo-template.h ===================================
/* packet-foo.h
* Routines for foo packet dissection
*
* $Id$
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* Include guard.  The header is intentionally empty at this stage: the
 * #.EXPORTS section of foo.cnf is empty, so there is nothing to declare for
 * other dissectors yet. */
#ifndef PACKET_FOO_H
#define PACKET_FOO_H
#endif /* PACKET_FOO_H */
============================= packet-foo-template.c ===================================
/* packet-foo.c
* Routines for FOO packet dissection
*
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <glib.h>
#include <epan/packet.h>
#include <epan/conversation.h>
#include <stdio.h>
#include <string.h>
#include "packet-per.h"
#include "packet-foo.h"
/* Names the protocol is registered under: long name, short name, display-filter prefix */
#define PNAME "FOO Protocol"
#define PSNAME "FOO"
#define PFNAME "foo"
/* UDP port the dissector is attached to in proto_reg_handoff_foo().  There is
 * no preference to change it at runtime (nothing below registers one), so
 * every UDP datagram on this port is handed to dissect_foo() whatever its
 * content; the generated PER decoder has to cope with arbitrary bytes. */
#define FOO_PORT 5001 /* UDP port */
static dissector_handle_t foo_handle=NULL;
/* Initialize the protocol and registered fields */
static int proto_foo = -1;
static int global_foo_port = FOO_PORT;
/* Header-field ids; presumably filled in by asn2wrs when packet-foo.c is
 * generated from this template (see Makefile). */
#include "packet-foo-hf.c"
/* Initialize the subtree pointers */
static int ett_foo = -1;
/* Subtree ids and the per-type dissection functions, from the same generator */
#include "packet-foo-ett.c"
#include "packet-foo-fn.c"
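/* Entry point for UDP payloads on FOO_PORT: labels the Protocol column and,
 * when a detail tree is requested, hands the whole buffer to the generated
 * FOO-MESSAGE PDU decoder under a "FOO Protocol" subtree.
 *
 * tvb   - the UDP payload (untrusted network data)
 * pinfo - packet metadata; only the column info is touched here
 * tree  - detail tree, or NULL when the caller only wants summary info
 *
 * This function never indexes tvb itself; all byte access happens inside
 * dissect_FOO_MESSAGE_PDU().  The unused `offset` local of the original
 * version is gone. */
static void
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  proto_item *foo_item;
  proto_tree *foo_tree;

  /* make entry in the Protocol column on summary display */
  if (check_col(pinfo->cinfo, COL_PROTOCOL))
    col_set_str(pinfo->cinfo, COL_PROTOCOL, PNAME);

  /* Nothing to decode into when no tree is requested; the generated PDU
   * decoder is skipped entirely in that case (same as the original). */
  if (tree == NULL)
    return;

  /* create the foo protocol tree covering the rest of the buffer (length -1) */
  foo_item = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, FALSE);
  foo_tree = proto_item_add_subtree(foo_item, ett_foo);
  dissect_FOO_MESSAGE_PDU(tvb, pinfo, foo_tree);
}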
/*--- proto_register_foo -------------------------------------------*/
/* Registers the protocol, its subtrees and its header fields.  Called once
 * at startup; proto_foo receives its real id here. */
void
proto_register_foo(void)
{
  /* Subtree ids: the top-level tree plus the generated ones */
  static gint *ett[] = {
    &ett_foo,
#include "packet-foo-ettarr.c"
  };
  /* Header-field registrations (generated) */
  static hf_register_info hf[] = {
#include "packet-foo-hfarr.c"
  };

  proto_foo = proto_register_protocol(PNAME, PSNAME, PFNAME);
  proto_register_subtree_array(ett, array_length(ett));
  proto_register_field_array(proto_foo, hf, array_length(hf));
}
/*--- proto_reg_handoff_foo ---------------------------------------*/
/* Attaches dissect_foo() to UDP port global_foo_port (= FOO_PORT).  The
 * static flag makes the registration happen only on the first call. */
void
proto_reg_handoff_foo(void)
{
  static gboolean inited = FALSE;

  if (inited)
    return;

  foo_handle = create_dissector_handle(dissect_foo, proto_foo);
  dissector_add("udp.port", global_foo_port, foo_handle);
  inited = TRUE;
}
============================= Makefile ===================================
# $Id$
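# Generates the FOO dissector sources (packet-foo.c, packet-foo.h) from
# foo.asn + foo.cnf + the two template files with asn2wrs.  copy_files only
# drops the generated pair into ../../epan/dissectors; they still have to be
# listed in Makefile.common there (see README), and files already present
# under the same names are overwritten without asking.

# Interpreter and generator; override on the command line if needed,
# e.g. `make PYTHON=python2`.
PYTHON  ?= python
ASN2WRS := ../../tools/asn2wrs.py

PROTOCOL_NAME   := foo
DISSECTOR_FILES := packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).h

# None of these targets is a file, so never let a stray file of that name
# make them look up to date.
.PHONY: all generate_dissector clean copy_files
# Do not leave a half-written packet-foo.c looking up to date if asn2wrs fails.
.DELETE_ON_ERROR:

all: generate_dissector

generate_dissector: $(DISSECTOR_FILES)

# One asn2wrs run writes both the .c and the .h.  A pattern rule with two
# %-targets tells make they come from a single invocation, so the generator
# is not run twice (or raced) under `make -j`; the earlier plain two-target
# rule defined two independent rules sharing one recipe.
packet-%.c packet-%.h: $(ASN2WRS) %.asn %.cnf packet-%-template.c packet-%-template.h
	$(PYTHON) $(ASN2WRS) -p $* -c $*.cnf -s packet-$*-template $*.asn

# parsetab.py[c] is the parser table asn2wrs's PLY parser leaves beside its inputs.
clean:
	$(RM) parsetab.py parsetab.pyc $(DISSECTOR_FILES)

copy_files: generate_dissector
	cp $(DISSECTOR_FILES) ../../epan/dissectors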
============================= Makefile.nmake ===================================
## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
#
# $Id: Makefile.nmake 18199 2006-05-21 14:36:05Z kukosa $
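include ../../config.nmake

UNIX2DOS=$(PERL) ../../tools/unix2dos.pl

PROTOCOL_NAME=foo
ASN2WRS=../../tools/asn2wrs.py
ASN_FILE=$(PROTOCOL_NAME).asn
CNF_FILE=$(PROTOCOL_NAME).cnf
TEMPLATE=packet-$(PROTOCOL_NAME)-template
DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).h

all: generate_dissector

generate_dissector: $(DISSECTOR_FILES)

# The prerequisite list must name exactly the files asn2wrs reads in the
# recipe below, the ASN.1 module in particular: a stale name here (an earlier
# revision listed PKCS1.asn) means edits to foo.asn never trigger a
# regeneration.  Python is required; PYTHON is presumably set by config.nmake.
$(DISSECTOR_FILES): $(ASN2WRS) $(ASN_FILE) $(TEMPLATE).c $(TEMPLATE).h $(CNF_FILE)
!IFDEF PYTHON
	$(PYTHON) $(ASN2WRS) -p $(PROTOCOL_NAME) -c $(CNF_FILE) -s $(TEMPLATE) $(ASN_FILE)
!ELSE
	@echo Error: You need Python to use asn2wrs.py
	@exit 1
!ENDIF

clean:
	rm -f parsetab.py parsetab.pyc $(DISSECTOR_FILES)

distclean: clean

maintainer-clean: distclean

# Fix EOL in generated dissectors. Cygwin's python generates files with
# mixed EOL styles, which can't be committed to the SVN repository.
# Stuff included from template and "cnf" files has "\r\n" on windows, while
# the generated stuff has "\n".
fix_eol: generate_dissector
	move packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).c.tmp
	move packet-$(PROTOCOL_NAME).h packet-$(PROTOCOL_NAME).h.tmp
	$(UNIX2DOS) < packet-$(PROTOCOL_NAME).c.tmp > packet-$(PROTOCOL_NAME).c
	$(UNIX2DOS) < packet-$(PROTOCOL_NAME).h.tmp > packet-$(PROTOCOL_NAME).h
	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp

# /y overwrites any existing copy in the dissector tree without prompting;
# /d copies only when the source is newer.
copy_files: generate_dissector fix_eol
	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y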
