$Id: TODO,v 1.12 2003/05/28 22:58:46 guy Exp $ Things to do: ============= *) Protocol dispatchers, allowing run-time setting of protocol "chaining" (i.e., UDP port X calls dissector Y) *) Work on packet capturing in wiretap - or just make it a wrapper around libpcap/WinPcap, hiding some of the stuff Ethereal and Tethereal currently have to do independently *) Either as part of the previous item, or as a capture-filter translator that generates "libpcap"-style capture filter expressions, provide a capture filter syntax similar to the display filter syntax. (The syntax differences get in the way of users; the fact that you have to construct some filters by hand, e.g. looking only for initial SYN packets for TCP connections by doing bit-testing of the flags in a TCP header has been a pain for some users; and people have asked for capabilities that aren't conveniently available, or aren't available at all, in "libpcap"-style capture filters: the ability to filter on characteristics of IPX packets; the ability to select, for example, TCP packets with port numbers *greater than* a particular value, which in "libpcap" filters you have to do by explicitly testing subfields of the TCP header rather than doing "tcp.port > 1000"; etc.) *) I just discovered that sshd sets the SSH_CLIENT variable to source IP, sort port, and destination port. That coupled with a destination IP would give us enough information to carry out remote protocol capturing, tcpdump over ssh: ssh remotehost tcpdump -s 2000 -w - filter, where "filter" filters out our own ssh packets (using the infromation from $SSH_CLIENT). Any takers? *) Of course, packet defragmentation. We currently reassemble: IP fragments IPv6 fragments OSI CLNP segments ONC RPC-over-TCP and DCE RPC fragments 802.11 fragments X.25 packets with M set ATP fragments EAP/TLS fragments Fibre Channel fragments Netware NDPS fragments NBF fragments Fragmented SNA BIUs TDS (Sybase/Microsoft SQL Server) fragments WTP fragments. and currently support, for many protocols running atop TCP and the SMB pipe protocol, reassembling the data stream and breaking the resulting stream into higher-level packets. We want to support that for more TCP-based protocols; we might also want to reassemble: NBDS PPP Multilink and possibly other protocols. *) I'd like to someday re-write the display filter routines to have a more powerful syntax. *) More on-line help, and neato things with the protocol tree and right-clicks. *) A GtkClist replacement, with dynamic columns, allowing columns to be added, removed, or moved without having to exit and restart Ethereal. (guy) *) A GUI capture/display filter creator (we have stuff to add fields to display filters, but perhaps something such as what Network Monitor has, to add AND/OR/NOT operators, would be useful) *) Run-time configuration of tunnelling protocols -- display tunnelled protocol as data or as a full-fledged protocol (which subtree do we put it under?) *) Run-time configuration of data shown in capture statistics window. *) A GtkWidget for authors in the About box. We've got a lot of authors! We've currently banished the list of authors to the AUTHORS file and the man page, which may be the right solution here. *) Finish moving GTK-dependent code into gtk/ subdirectory. *) Provide alternative user interfaces, e.g. other toolkits (Qt/KDE, full GNOME, native Windows, native Aqua, etc.) and text-mode "curses". *) Kerberos version 4 dissector - standard krb4 - from tcpdump (nneul); we have krb5, but not krb4 *) Display filters: add regexes to strings and byte ranges