> On 19 Apr 2017, at 13:47, Roland Knall <[email protected]> wrote:
>
> But in my opinion not really usable for most other protocols which include
> bigger state machines (like industrial ethernet protocols).

Yes, I am not looking for expressing bigger state machines, rather something
that can churn out dissectors out of definitions like

coords_t    := (u16 X) (u16 Y) (u8 Z)
command     := item_move | player_move
item_move   := (u8 0x64) (coords_t from) (coords_t to) (u8 stackpos) (u16 itemid)
player_move := (u8 0x90) (coords_t to)

(This goes on for some hundred different commands, with multiple versions for
each command depending on protocol version)

> - Just use Kaitai syntax but rewrite the parser as a c-library to include
> with wireshark

I'll consider going this route. Thanks for your input.

Regards,
Ahmad

> > On Wed, Apr 19, 2017 at 11:27 AM, Ahmad Fatoum <[email protected]> wrote:
> > Hello everyone,
> >
> > I want to update a game protocol dissector I wrote, and would love to be able
> > to rewrite all those game commands in a declarative manner.
> > What I've found so far:
> >
> > • ASN.1: asn2wrs, part of Wireshark and supports packed encoding rules (PER),
> > but I believe it's not possible to decode an arbitrary non-ASN.1 encoded
> > protocol [1]. Is that right?
> >
> > • Wireshark Generic Dissector: A plugin that can read a DSL and dissect
> > packets accordingly [2].
> >
> > • CSjark: C structs to Lua dissectors [5].
> >
> > • Kaitai Struct: A declarative language written for decoding arbitrary
> > formats [3]. There's a basic Wireshark Lua dissector generator [4].
> >
> > In essence, I want something to turn struct-like definitions for an arbitrary
> > protocol into a dissector. Should support:
> > • struct pascal_string { u16 len; u8 bytes[len] };
> > • continue till character: e.g. for nul-terminated strings
> > • pattern matching: struct { u8 0x64; /* 0x64 specific fields */ }, struct {
> > u8 0x10; /* 0x10 specific fields */ }
> > • arbitrary nesting thereof
> > • endianness specification
> > • code generation: The protocol in question is encrypted. So e.g. the generic
> > dissector plugin is insufficient.
> >
> > Having readily available parser generators for the format would be a huge
> > plus. Kind of like lex/yacc, but for binary data and with a Wireshark backend.
> >
> > So, what are your experiences with declaratively parsing binary data?
> > What are your thoughts on having a declarative format for dissectors? Have
> > you tried it before?
> > If the ASN.1 support in Wireshark isn't fit for this task, what would need to
> > be done to make it so?
> > Would you be interested in a kaitai2wrs generator? Or maybe
> > another_format2wrs? I'd be willing to try.
> >
> > This was raised multiple times before on the mailing list, the most extensive
> > one being this, I think:
> > https://www.wireshark.org/lists/wireshark-dev/201207/msg00110.html
> >
> > Nevertheless, things might have changed?
> >
> > Looking forward to feedback.
> >
> > Best regards,
> >
> > [1]: https://wiki.wireshark.org/Asn2wrs
> > [2]: http://wsgd.free.fr/
> > [3]: http://kaitai.io/
> > [4]: https://github.com/joushx/kaitai-to-wireshark
> > [5]: https://github.com/eventh/kpro9
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
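An added example, not code from this thread or from any of the tools it lists: a small Python interpreter for the struct-like definitions Ahmad posts above (Python because asn2wrs, the generator he mentions, is itself a Python script), standing in for what a generated dissector would execute on each packet. Everything beyond the four definitions quoted from the thread is my assumption: fields are little-endian, "(u8[len] bytes)" is my spelling of the "u8 bytes[len]" Pascal-string field, the "chat" command and its 0x96 tag are invented to exercise that field, a union dispatches on the literal first byte of each alternative, and the decryption step the original message says is required is out of scope. The property a dissector author should insist on from any generator is the one the code makes explicit: every read is bounds-checked, so a truncated packet or a length field that lies about its payload produces a labelled error instead of an out-of-range read, the failure mode that actually crashes hand-written dissectors.

```python
"""Added example (not from the thread): interpret the struct-like grammar and
dissect constructed packets with every read bounds-checked.
Assumptions (mine, not the thread's): little-endian fields; `(u8[len] bytes)`
is my syntax for `u8 bytes[len]`; `chat`/0x96 is invented; a union
dispatches on the literal first byte of each alternative."""
import re
import struct

# coords_t, command, item_move, player_move are the thread's definitions;
# pascal_str and chat are constructed additions.
GRAMMAR = """
coords_t    := (u16 X) (u16 Y) (u8 Z)
command     := item_move | player_move | chat
item_move   := (u8 0x64) (coords_t from) (coords_t to) (u8 stackpos) (u16 itemid)
player_move := (u8 0x90) (coords_t to)
pascal_str  := (u16 len) (u8[len] bytes)
chat        := (u8 0x96) (pascal_str text)
"""

PRIMS = {"u8": ("B", 1), "u16": ("H", 2), "u32": ("I", 4)}
FIELD_RE = re.compile(r"\((\w+)(?:\[(\w+)\])?\s+(\w+)\)")


class DissectError(Exception):
    """Malformed input is reported; the buffer is never read past its end."""

class Truncated(DissectError):
    pass

class TagMismatch(DissectError):
    pass


def parse_grammar(text):
    """Return {name: ("union", [alts]) | ("struct", [(type, len_field, name, literal)])}."""
    defs = {}
    for line in text.strip().splitlines():
        name, rhs = (s.strip() for s in line.split(":=", 1))
        if "(" not in rhs:                       # a | b | c  -> tagged union
            defs[name] = ("union", [a.strip() for a in rhs.split("|")])
            continue
        fields = []
        for typ, len_field, tail in FIELD_RE.findall(rhs):
            literal = int(tail, 0) if tail[:1].isdigit() else None  # (u8 0x64) is a constraint
            fields.append((typ, len_field or None, tail, literal))
        defs[name] = ("struct", fields)
    return defs


class Dissector:
    def __init__(self, grammar, endian="<"):
        self.defs = parse_grammar(grammar)
        self.endian = endian                     # "<" little-endian (assumed), ">" big-endian

    def _prim(self, typ, buf, off):
        fmt, size = PRIMS[typ]
        if off + size > len(buf):
            raise Truncated(f"need {size} byte(s) for {typ} at offset {off}, have {len(buf) - off}")
        return struct.unpack_from(self.endian + fmt, buf, off)[0], off + size

    def dissect(self, typename, buf, off=0):
        """Return (tree, next_offset); tree is a dict for structs, int/bytes for leaves."""
        if typename in PRIMS:
            return self._prim(typename, buf, off)
        kind, body = self.defs[typename]
        if kind == "union":
            if off >= len(buf):
                raise Truncated(f"no tag byte for {typename} at offset {off}")
            for alt in body:
                tag = self.defs[alt][1][0][3]    # literal of the alternative's first field
                if tag is None:
                    raise ValueError(f"{alt} must start with a literal tag to be a union member")
                if buf[off] == tag:
                    tree, off = self.dissect(alt, buf, off)
                    tree["_type"] = alt
                    return tree, off
            raise TagMismatch(f"unknown {typename} tag 0x{buf[off]:02x} at offset {off}")
        tree = {}
        for typ, len_field, name, literal in body:
            if len_field is not None:            # array sized by an earlier field of this struct
                count = tree[len_field]
                fmt, size = PRIMS[typ]
                end = off + count * size
                if end > len(buf):               # the classic length-field overrun, caught here
                    raise Truncated(f"{name}[{count}] runs past end of buffer at offset {off}")
                tree[name] = bytes(buf[off:end]) if typ == "u8" else \
                    list(struct.unpack_from(f"{self.endian}{count}{fmt}", buf, off))
                off = end
                continue
            value, off = self.dissect(typ, buf, off)
            if literal is not None:
                if value != literal:
                    raise TagMismatch(f"{typename}: expected 0x{literal:02x}, got 0x{value:02x}")
                continue                         # literals are constraints, not fields
            tree[name] = value
        return tree, off


def dissect_packet(pkt):
    """Dissect one command; a real dissector would flag trailing bytes as expert info."""
    tree, off = Dissector(GRAMMAR).dissect("command", pkt)
    tree["_trailing"] = len(pkt) - off
    return tree


def safe_dissect(pkt):
    """What a generated dissector must do on bad input: report, do not crash."""
    try:
        return dissect_packet(pkt)
    except DissectError as e:
        return {"_error": type(e).__name__, "_detail": str(e)}


# Constructed sample packets, not captured traffic.
ITEM_MOVE = struct.pack("<BHHBHHBBH", 0x64, 100, 200, 7, 101, 200, 7, 1, 3214)
PLAYER_MOVE = struct.pack("<BHHB", 0x90, 50, 60, 8)
CHAT = struct.pack("<BH", 0x96, 5) + b"hello"
CHAT_BAD_LEN = struct.pack("<BH", 0x96, 500) + b"hello"   # length field lies about the payload

if __name__ == "__main__":
    for pkt in (ITEM_MOVE, PLAYER_MOVE, CHAT, ITEM_MOVE[:10], CHAT_BAD_LEN, b"\x00"):
        print(pkt.hex(), "->", safe_dissect(pkt))
```

The grammar is parsed once and walked per packet, which is the interpreter shape; a kaitai2wrs-style generator would instead emit the equivalent proto_tree_add_item calls, but the bounds checks in _prim and the array branch are exactly what the emitted code has to carry too. Endianness is a constructor parameter here because the thread asks for it as a specification knob; a generator would take it from the definition file.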
