atomontage / plokami

Common Lisp PCAP Interface

Dissect via libwireshark? #2

Open phmarek opened 4 years ago

phmarek commented 4 years ago

Hi,

do you have plans to add dissection via libwireshark? I'd really like to get a (CONS cell) tree representation of the data that gets displayed in wireshark!

Thanks,

Phil

atomontage commented 4 years ago

Hi Philipp,

I have an update in the works that I will release in a few months that binds more libpcap functions to the point of total coverage and offers additional functionality.

As far as dissecting goes, I use a custom dissector written in Common Lisp, it performs very very well and can be further optimized if one uses the SBCL runtime assembler as a JIT compiler. I may end up releasing that at some point too but not anytime soon I'd say.

I don't like libwireshark for many reasons, so bindings to it won't happen on my end. I entertained writing an automatic parser that could convert a wireshark dissector into a Common Lisp one, once, but it never really went anywhere due to lack of time/interest.

On Thu, 13 Feb 2020 13:48:16 +0000 (UTC), Philipp Marek notifications@github.com wrote:


phmarek commented 4 years ago

Thanks for the exhaustive answer!

I'm asking about libwireshark because there are already so many dissectors available. While e.g. Lua dissectors might be translatable to CL code to dissect within CL, all the stuff in C code won't be available anytime soon - and re-programming all the dissectors feels like a waste of time as well.

(I understand your points; the impedance mismatch with an in-Lisp-process is much smaller, and performance might be even better than with Lua. Still, it's quite a lot of work re-doing the dissectors...)
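The cons-cell tree Phil asks for, as a small added example that is neither plokami's code nor the custom dissector atomontage mentions: a bounds-checked Ethernet/IPv4/UDP dissector in Common Lisp run over a constructed frame. Packet bytes are untrusted input, so every length field is validated before it drives a read.

```lisp
(defun be16 (buf off)
  "Big-endian unsigned 16-bit integer at OFF."
  (logior (ash (aref buf off) 8) (aref buf (1+ off))))

(defun need (buf off len what)
  "Signal an error unless LEN bytes starting at OFF lie inside BUF."
  (when (> (+ off len) (length buf))
    (error "truncated ~a: need ~d bytes at offset ~d, have ~d" what len off (length buf))))

(defun ipv4-string (buf off)
  (format nil "~{~d~^.~}" (coerce (subseq buf off (+ off 4)) 'list)))

(defun dissect-udp (buf off)
  (need buf off 8 "UDP header")
  (let ((ulen (be16 buf (+ off 4))))
    (when (< ulen 8) (error "bad UDP length ~d" ulen))   ; length field is untrusted
    (need buf off ulen "UDP datagram")
    (list :udp (list :src-port (be16 buf off)) (list :dst-port (be16 buf (+ off 2)))
          (list :length ulen) (list :payload (subseq buf (+ off 8) (+ off ulen))))))

(defun dissect-ipv4 (buf off)
  (need buf off 20 "IPv4 header")
  (let* ((vihl (aref buf off)) (ihl (* 4 (logand vihl #x0f)))
         (total (be16 buf (+ off 2))) (proto (aref buf (+ off 9))))
    (unless (= (ash vihl -4) 4) (error "not IPv4: version ~d" (ash vihl -4)))
    (when (or (< ihl 20) (< total ihl)) (error "bad IPv4 lengths ihl=~d total=~d" ihl total))
    (need buf off total "IPv4 packet")
    (list :ipv4 (list :ttl (aref buf (+ off 8))) (list :protocol proto)
          (list :src (ipv4-string buf (+ off 12))) (list :dst (ipv4-string buf (+ off 16)))
          (if (= proto 17)                       ; 17 = UDP
              (dissect-udp buf (+ off ihl))
              (list :payload (subseq buf (+ off ihl) (+ off total)))))))

(defun dissect-ethernet (buf)
  (need buf 0 14 "Ethernet header")
  (let ((ethertype (be16 buf 12)))
    (list :ethernet (list :ethertype ethertype)
          (if (= ethertype #x0800) (dissect-ipv4 buf 14) (list :payload (subseq buf 14))))))

;; Constructed sample frame: 10.0.0.1:12345 -> 10.0.0.2:53, UDP payload "abcd".
(defparameter *frame*
  (coerce '(#xff #xff #xff #xff #xff #xff #x02 #x00 #x00 #x00 #x00 #x01 #x08 #x00
            #x45 #x00 #x00 #x20 #x00 #x00 #x00 #x00 #x40 #x11 #x00 #x00
            #x0a #x00 #x00 #x01 #x0a #x00 #x00 #x02
            #x30 #x39 #x00 #x35 #x00 #x0c #x00 #x00 #x61 #x62 #x63 #x64)
          '(vector (unsigned-byte 8))))

(dissect-ethernet *frame*)                  ; returns the nested cons tree
(dissect-ethernet (subseq *frame* 0 40))    ; signals a truncation error instead of over-reading
```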