$Id: TODO,v 1.6 1999/12/26 23:52:54 guy Exp $

Things to do:
=============

*) Protocol dispatchers, allowing run-time setting of protocol "chaining"
(i.e., UDP port X calls dissector Y)

*) Loadable modules, closely related to the previous item.  (These are
in the current version in CVS.)

*) Work on packet capturing in wiretap

*) Either as part of the previous item, or as a capture-filter
translator that generates "libpcap"-style capture filter expressions,
provide a capture filter syntax similar to the display filter syntax. 
(The syntax differences get in the way of users; the fact that you have
to construct some filters by hand, e.g.  looking only for initial SYN
packets for TCP connections by doing bit-testing of the flags in a TCP
header has been a pain for some users; and people have asked for
capabilities that aren't conveniently available, or aren't available at
all, in "libpcap"-style capture filters:

	the ability to filter on characteristics of IPX packets;

	the ability to select, for example, TCP packets with port
	numbers *greater than* a particular value, which in "libpcap"
	filters you have to do by explicitly testing subfields of the
	TCP header rather than doing "tcp.port > 1000";

	etc.)

*) I just discovered that sshd sets the SSH_CLIENT variable to source IP,
sort port, and destination port. That coupled with a destination IP
would give us enough information to carry out remote protocol capturing,
tcpdump over ssh:

	ssh remotehost tcpdump -s 2000 -w - filter,

where "filter" filters out our own ssh packets (using the infromation
from $SSH_CLIENT). Any takers?

*) Of course, packet defragmentating. IP, TCP, UDP, etc. need to be
reassembled and re-analyzed.

*) I'd like to someday re-write the display filter routines to have a more
powerful syntax.

*) More on-line help, and neato things with the protocol tree and
right-clicks.

*) A GtkClist replacement, with dynamic columns, allowing columns to be
added, removed, or moved without having to exit and restart Ethereal.

*) A GUI capture/display filter creator.

*) Run-time configuration of tunnelling protocols -- display tunnelled
protocol as data or as a full-fledged protocol (which subtree do we put
it under?)

*) Run-time configuration of data shown in capture statistics window.

*) A GtkWidget for authors in the About box. We've got a lot of authors!
We've currently banished the list of authors to the AUTHORS file and the
man page, which may be the right solution here.

*) Finish moving GTK-dependent code into gtk/ subdirectory.

*) Provide alternative user interfaces, e.g. other toolkits (Qt/KDE,
full GNOME, native Windows, etc.) and text-mode "curses".

*) Perhaps provide a "line-mode" capture program, i.e. one that, like
"tcpdump" and "snoop", captures to a file without displaying anything
other than, perhaps a count of packets captured, or captures and prints
packet summary or detail data to the standard output, or reads a capture
file and prints to the standard output summary or detail data.

*) Display filters: support FT_STRING filters

*) Display filters: allow filtering on "enumerated" data types by name,
i.e. if a field has a "value_string" array associated with it, allow
users to specify the string associated with a value.

*) Display filters: add regexes to strings and byte ranges

*) Krb dissector - standard krb4 - from tcpdump (nneul)

*) Krb5 dissector - from scratch, need to use ASN.1 code (nneul)

*) IRC dissector

*) Make lines in GTK Tree (proto_tree GUI) user-selectable