Mailing List Archive: ethereal -G (Protocol and field names)

ethereal -G (Protocol and field names)

Feb 27, 2003, 1:10 PM

Post #1 of 3 (9104 views)

Hi all,

While automating the generation of protocol field documentation (after
per-protocol sorting of protocol field names), I came across the conclusion
that most of the protocol fields for a given protocol also share the
protocol name as first part of the field name (e.g., aarp (Appletalk Address
Resolution Protocol) has a field named aarp.dst.hw). However not all
protocols do share this logic.

If I understand it correctly, we often refer to a protocol by 2 names: the
official protocol name (e.g., as listed in IANA assigned port numbers) and
an internal name.

Sometimes one protocol is defined but the IANA repository (or another body)
refers to a set of related protocols. Example: the WTP protocol is used in
connection-oriented WSP. We are able to decode it when using nonsecure WSP
(no WTLS), this means IANA port 9201, with registered IANA protocol "name":
wap-wsp-wtp.

The same is true for the WSP protocol, which exists in 2 flavors (WTLS
security not considered here): connectionless (wap-wsp, port 9200) and
connection-oriented (wap-wsp-wtp, port 9201). See the confusion?

Which logic should we apply to protocol names and their associated protocol
field names (especially in situations where protocols implicitly refer to
other protocols)?

Regards,

Olivier

Re: ethereal -G (Protocol and field names) [ In reply to ]

guy at netapp

Feb 27, 2003, 1:19 PM

Post #2 of 3 (8582 views)

Permalink

On Thu, Feb 27, 2003 at 09:10:16PM +0100, Biot Olivier wrote:
> Which logic should we apply to protocol names and their associated protocol
> field names (especially in situations where protocols implicitly refer to
> other protocols)?

"wap-wsp-wtp", as an Ethereal protocol name, actually refers only to
WTP, and "wap-wsp", as an Ethereal protocol name, actually refers to
WSP, regardless of whether it's running directly over UDP or running over
WTP.

As such, in that particular case, I'd be inclined to rename
"wap-wsp-wtp" to "wtp", because

1) the registered fields have just "wtp";

2) people might expect to use "wtp" to filter for WTP packets;

and inclined to rename "wap-wsp" to "wsp", for similar reasons.

RE: ethereal -G (Protocol and field names) [ In reply to ]

Olivier.Biot at siemens

Feb 27, 2003, 3:29 PM

Post #3 of 3 (8627 views)

Permalink

Hi Guy,

I agree with your proposition. In order to make it clearer for all
protocols available in Ethereal 0.9.9 (plus WBXML decoding), I've created a
small web page where an example HTML representation of all Ethereal
protocols and fields can be found in an alphabetical order.

http://home.tiscali.be/olivier.biot/ethereal/

The actual procedure is also described on this web page. I'm currently
misusing MS Excel, eventually all the code should be written to a (set of)
script(s).

By means of this list, I could verify that sometimes protocol field names
don't refer anymore to the protocol in their field names, and other ones
share a common prefix (see IPv6 where the mobile IPv6 parameters start with
ipv6.mipv6_[subfield name]: shouldn't we write something like "ipv6.mip."
instead?)

We could then agree on the proposed protocol (field) names for an 1.0
release :)

Please comment!

Regards,

Olivier

> -----Original Message-----
> From: Guy Harris [mailto:guy@netapp.com]
>
> On Thu, Feb 27, 2003 at 09:10:16PM +0100, Biot Olivier wrote:
> > Which logic should we apply to protocol names and their
> associated protocol
> > field names (especially in situations where protocols
> implicitly refer to
> > other protocols)?
>
> "wap-wsp-wtp", as an Ethereal protocol name, actually refers only to
> WTP, and "wap-wsp", as an Ethereal protocol name, actually refers to
> WSP, regardless of whether it's running directly over UDP or
> running over
> WTP.
>
> As such, in that particular case, I'd be inclined to rename
> "wap-wsp-wtp" to "wtp", because
>
> 1) the registered fields have just "wtp";
>
> 2) people might expect to use "wtp" to filter for WTP packets;
>
> and inclined to rename "wap-wsp" to "wsp", for similar reasons.