>I've taken Ken's patches and rewritten them as patches to ethereal. I've
>also added a small amount of additional decoding. More can be added by
>anyone - just take a look at the rx definitions in the Arla source code.
>(Although they don't always seem to match up to the packet contents... I
>don't completely understand the rx source's workings.)
This isn't in the README, but it's not that complicated ... relatively :-)
First in every packet, there is the RX header. That tells things like
the sequence number, service id, packet type, etc etc ...
If it's a data packet, and it's the first in a call (sequence number
is one), and the client-init flag is set, then the first thing will
be the XDR encoded RPC opcode (network byte order, 32-bit unsigned int).
The outgoing call will have all of the IN arguments to the RPC function
call (if you're looking at the RPC template). These are all XDR encoded.
If the return code is zero, the reply will have all of the OUT arguments
XDR encoded. The opcode isn't encoded, so you have to keep track
of the source & destination addresses and ports and the service id and
the AFS call id. If the return code is non-zero, you'll get an abort
packet instead of a data packet with the xdr-encoded return code.
The actual xdr encoding of datatypes is sometimes a bit .... odd. There
is (IMHO) excessive use of XDR vectors, which are fixed-length arrays.
This isn't so bad, except that each element of an XDR vector gets
encoded as a 32-bit int no matter what the real element size is. So
if you use this encoding for strings (which is done in many places)
you not only get a string encoded at the maximum possible length, it's
four times as long as it needs to be. Example: the PTS name encoding
uses a vector for the name, with a maximum length of 64 characters. So
every name in a PTS call, regardless of how long it really is, takes up
256 bytes. It's worse with some of the VLDB calls, because they
use XDR vectors for encoding the volume information (maximum of 12
read-only copies means you have a vector of 13), so you end up with a
a packet that's more than a thousand bytes that's mostly nulls.
--Ken
