simple-binary-encoding

Wireshark generator

Open skizzay opened this issue 8 years ago • 11 comments

Since the encoded data is typically transferred over some network or another, it makes sense to create a Wireshark dissector to view the live data transmitted on the network.

skizzay, Aug 25 '17 18:08

SBE is not self-describing: in order for Wireshark to decode an SBE stream, it would need the schema file. I guess your proposal is to generate a dissector module as an alternative output from sbe-tool?

Wireshark can dynamically load dissectors. It would need to deal with different platforms, but I guess it would be possible to generate the source code, cmakefile, and perhaps the Visual Studio project file.

The basic decoding work would likely not be too difficult, but it would be quite complex to actually emit a working .so/.dll/.dylib.

da4089, Aug 26 '17 10:08

This type of requirement was the driver for the On-The-Fly (OTF) decoding ability for SBE from serialised IR.

mjpt777, Aug 26 '17 13:08

It is quite possible to make a plugin for Wireshark that used the OTF decoder when supplied with an SBE IR file.

tmontgomery, Aug 28 '17 23:08

Similar things for Wireshark would be ASN.1, DCE/MS-RPC IDL, CORBA IDL, GPB, etc. I don't recall it having the option to load those at runtime. Looking at the Wireshark source code, it appears the existing ASN.1 and DCE-RPC dissectors are generated, compiled, and linked at build time. The set of supported protocols doesn't appear to be extensible either in the UI or via a configuration file.

It does support loading modules at startup from shared objects however. So ... presumably the internal structures can be extended, at least during initialisation. Given that, I guess a manually-written dissector that processed one or more IR (or even raw XML) schema files at initialisation time could probably create a matching set of dissectors.

da4089, Aug 29 '17 02:08

Dissectors can be configured. So, it should be relatively straightforward to use that config to hold the SBE IR file location or even a list of them. @dameiss might know more in this regard.

tmontgomery, Aug 29 '17 03:08

I figure a directory into which SBE IR files can be copied, each of which would then create an entry in the dissectors table at startup, would be good?

da4089, Aug 29 '17 03:08

Perhaps. Knowing which dissector to call in a chain can be a little tricky, though.

tmontgomery, Aug 30 '17 16:08

I've written a few Wireshark dissectors. I'd be happy to write one for SBE, if someone is willing to pay for the work.

da4089, Sep 01 '17 06:09

I've written a few as well. Same. Too much other stuff to do.

tmontgomery, Sep 03 '17 16:09

Sorry for the late comment. Just saw this. I have already written a Wireshark dissector generator for SBE as part of a larger source generation project. I posted some recent CME SBE protocols here:

https://github.com/Open-Markets-Initiative/wireshark-lua

omi-dev-one, Nov 11 '17 22:11

Apologies also for the necrobump, but I too came across this thread looking for something similar to help diagnose a network issue. In the end I implemented a code generator. The source is available here for public consumption: https://github.com/TransFICC/sbe-wiresharker

The project currently spits out a Lua dissector but it has a pretty extensive integration test suite and I split the code generator into a front end parser and back end generator so it could be extended with an alternative back end if a C dissector was ever required.

zamhassam, Jul 21 '21 07:07
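
The dispatch problem raised in the thread (SBE is not self-describing, so a dissector must map each message to a schema-derived layout), sketched as an added example that is not code from any participant or from the linked projects. It assumes the conventional four-field little-endian `messageHeader`; the registry, ids and field names are constructed stand-ins for layouts that would be loaded from SBE IR files.

```python
import struct

# Conventional SBE messageHeader composite: four little-endian uint16 fields.
# (A schema may define it differently; this layout is an assumption.)
HEADER = struct.Struct("<HHHH")  # blockLength, templateId, schemaId, version

# Hypothetical stand-in for layouts loaded from SBE IR files at startup:
# (schemaId, templateId) -> (message name, [(field name, struct format)]).
REGISTRY = {
    (1, 10): ("Heartbeat", [("seq", "<I"), ("sendTime", "<Q")]),
    (1, 11): ("Quote", [("instrumentId", "<I"), ("price", "<q"), ("qty", "<I")]),
}

def dissect(buf: bytes) -> dict:
    """Decode the fixed block of one SBE message using the registry."""
    if len(buf) < HEADER.size:
        return {"error": "truncated header"}
    block_length, template_id, schema_id, version = HEADER.unpack_from(buf, 0)
    out = {"schemaId": schema_id, "templateId": template_id, "version": version}
    entry = REGISTRY.get((schema_id, template_id))
    if entry is None:
        # Without the schema the body is opaque bytes: report, do not guess.
        out["error"] = "unknown schema/template"
        return out
    name, fields = entry
    out["message"] = name
    body = buf[HEADER.size:HEADER.size + block_length]
    if len(body) < block_length:
        out["error"] = "truncated body"
        return out
    offset = 0
    for fname, fmt in fields:
        size = struct.calcsize(fmt)
        if offset + size > block_length:
            break  # sender used an older, shorter block: later fields absent
        (out[fname],) = struct.unpack_from(fmt, body, offset)
        offset += size
    return out

# Constructed sample: Quote (schema 1, template 11) with a 16-byte block.
SAMPLE = HEADER.pack(16, 11, 1, 0) + struct.pack("<IqI", 42, 1012500, 300)
```

Every length taken from the wire is checked against the captured buffer before use, which matters for a dissector because it parses untrusted traffic.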