README: ====== For each protocol layer: - Dispatcher instanciates a new Dissector for this layer. - Dispatcher asks Dissector to parse the captured packet. - Dissector determines if packet must be reassembled. - If reassembly is required, packet is tranfered to reassembly, which may result in a complete packet - If packet is complete, then dispatch filters are querried to eliminate components for which this packet is not suitable - Upper layer dispatcher is selected based on Dissector information (Implicitely registered Upper Layers) or based on Upper Layer Filters (Explicitely registered Upper Layers). Packet and component list are transmitted to first available Upper Layer Dispatcher. - If no Upper Layer Dispatcher is available, then payload and component list are returned. Dispatchers are Singletons, and all inherit from Dispatcher class. Dispatcher ^---EthernetDispatcher |---IpDispatcher |---TcpDispatcher |---UdpDispatcher |---SipDispatcher |---... Dispatcher instances can be retrieved via pseudo-factory DispatcherFactory using method Get(""). Example: DispatcherFactory::Instance().Get("UDP"); Dissectors all inherits from Dissectors Dissector ^---EthernetDissector |---IpDissector |---TcpDissector |---UdpDissector |---SipDissector |---... Dissectors are created via DissectorFactory using method Create(). Example: DissectorFactory::Instance().Create("Ethernet"); TODO: ==== * Implement Dispatch filters: => Dispatch filters are created using Dispatcher's RegisterFilter() method. => Each Dispatch filter should be associated with a ComponentId. => the Match() method should receive a Dissector as parameter. => if none of a ComponentId filters matches, then this ComponentId should be removed from Dispatcher's ComponentId list. => if a ComponentId has no associated filter, then this ComponentId remains in the list. => if Dispatcher's ComponentId list gets empty, then it means that captured packet does not match any Component filter... Oooops => All filters are always processed, thus Dispatch filter registration order has no impact. => Example: Configuration: Components: CompA, CompB, CompC Dispatcher: IP Filters: - CompA, addr, @1 - CompB, addr, @1 - CompB, addr, @2 Dispatcher: UDP/TCP Filters: b - CompA, port, 5060 - CompB, port, 53 - CompB, port, 5060 - CompC, port, 80 Captured Packets: a/ SIP (addr=@1, port=5060) b/ DNS (addr=@1, port=53) c/ SIP (addr=@2, port=5060) d/ HTTP (addr=@1, port=80) Results: a/ Init: CompA, CompB, CompC Eth: CompA, CompB, CompC IP: CompA, CompB, CompC UDP: CompA, CompB Enqueued on CompA and CompB b/ Init: CompA, CompB, CompC Eth: CompA, CompB, CompC IP: CompA, CompB, CompC UDP: CompB Enqueued on CompB c/ Init: CompA, CompB, CompC Eth: CompA, CompB, CompC IP: CompB, CompC UDP: CompB Enqueued on CompB d/ Init: CompA, CompB, CompC Eth: CompA, CompB, CompC IP: CompA, CompB, CompC TCP: CompC * Implement UpperLayer filters: => Explicit Upper Layers are registered using Dispatcher's method AddExplicitUpperLayer(). => Upper Layers can be selected using Upper Layer filters => Dispatcher will transmit current packet to first registered Upper Layer having a matching UL filter. IMPORTANT: null filter (=no filter) always match. As a consequence, registration order is important => Example 1: Configuration: Dispatcher: Ethernet Implicitely registered Upper Layers: IP Dispatcher: IP Implicitely registered Upper Layers: TCP, UDP Captured Packets: a/ Eth-IP-UDP-SIP b/ Eth-IP-TCP-SIP c/ Eth-IP-UDP-DNS Results: a/ Dispatchers called: - Eth - IP - UDP SIP dispatcher no called! b/ Dispatchers called: - Eth - IP - TCP SIP dispatcher no called! (SIP messages not Reassembled !!!) c/ Dispatchers called: - Eth - IP - TCP DNS dispatcher no called! => Example 2: Configuration: Dispatcher: Ethernet Implicitely registered Upper Layers: IP Dispatcher: IP Implicitely registered Upper Layers: TCP, UDP Dispatcher: UDP Explicitely registered Upper Layers: - SIP (Filter: none) - DNS (Filter: port=53) Dispatcher: TCP Explicitely registered Upper Layers: - SIP (Filter: none) Captured Packets: a/ Eth-IP-UDP-SIP b/ Eth-IP-TCP-SIP c/ Eth-IP-UDP-DNS Results: a/ Dispatchers called: - Eth - IP - UDP - SIP b/ Dispatchers called: - Eth - IP - TCP - SIP SIP dispatcher called => SIP messages Reassembled !!! c/ Dispatchers called: - Eth - IP - UDP - SIP DNS dispatcher no called! SIP dispatcher called!!! => first dispatcher with matching filter has been called... Oooops => Example 3: Configuration: Dispatcher: Ethernet Implicitely registered Upper Layers: IP Dispatcher: IP Implicitely registered Upper Layers: TCP, UDP Dispatcher: UDP Explicitely registered Upper Layers: - SIP (Filter: none) - DNS (Filter: port=53) Dispatcher: TCP Explicitely registered Upper Layers: - SIP (Filter: none) Captured Packets: a/ Eth-IP-UDP-SIP b/ Eth-IP-TCP-SIP c/ Eth-IP-UDP-DNS Results: a/ Dispatchers called: - Eth - IP - UDP - SIP b/ Dispatchers called: - Eth - IP - TCP - SIP DNS dispatcher no called (filter does not match) SIP dispatcher called => SIP messages Reassembled !!! c/ Dispatchers called: - Eth - IP - UDP - DNS DNS dispatcher called, OK! * Implement Sip Dissector: => SipDissector should be able to partially parse SIP message in order to get its length and determine if it is complete or need reassembly. => Reassemble should proceed to SIP message reassembly (simple concatenation, as TCP guaranties packet order). => Refer to IpDissector for example of reassembly.