
Writing Detailed Protocol Decoders

The "detail" protocol decoder fills in the middle window in
the tcpview display.  In general, the output should look
something like this:

    ----- DLC header -----

    Frame arrived at 23:36:23.3498   Frame size is 60 (60 captured) bytes
    Destination =   Cisco_003462  DUST112
    Source      =   DEC___0dc56c  jeff.cac
    Ethertype   =   0800 (IP)


Each function takes as input a pointer to the data to be decoded.  There
are also a few global variables which will be set;

struct packet_header *Phdr;  /* header of current frame */
u_int Offset;     /* current offset from beginning of frame */

struct packet_header {
	struct timeval ts;	/* time stamp */
	u_long len;		/* length of this packet (off wire) */
	u_long caplen;		/* length of portion captured */
};

If needed, you can use these globals to determine the size of the 
captured frame, timestamp, and current location in the frame.


------------------------------------------------------------------------
The file detail-xxx.c should look something like this:

#include "tcpview.h"

/* p is a pointer to the data to be decoded */
void detail_xxx( u_char *p )
{
    /* you may want to use a structure to make things easier */
    struct xxx_header *xp = (struct xxx_header *)p;

    /* you may want to check Phdr->caplen to see if enough of the
	packet was captured to decode */

    /* now print the header and a blank line */
    printf("----- XXX header -----\n\n");
 
    /* print other lines */
    /* to work with tcpview, use those standard I/O functions in
       print.c 
    */

    /* now we have to provide information to the hex window (bottom
	window) concerning what lines correspond to what offsets in
	the hex display.  To do this, you call hex( start, stop ),
	where 'start' and 'stop' are the offset in bytes from the
	pointer you were passed at the beginning of this function.
	You call hex() once for every line you printed.  You can do
	this as you print each line, or all at once at the end.
	hex( -1, -1 ) is used for blank lines.  */

    hex( 0, sizeof(struct xxx_header));  /* the header line */
    hex( -1, -1 );                /* blank line */
    hex( 0, 3 );                  /* first 4 bytes */
	etc.

    /* finally, if there are higher level protocols to call,
	you have to increment the global variable 'Offset' and pass
	a pointer to the higher layer data to the appropriate
	function */

    Offset += sizeof(struct xxx_header);
    p += sizeof(struct xxx_header);
    switch( xp->type ) {
    case YYY_TYPE:
        detail_yyy(p);
        break;
    case ZZZ_TYPE:
        detail_zzz(p);
        break;
    }
}
