Re: [Wireshark-dev] query regarding gtp_handlefuntionanddecoderfunction.
Hi Anders, thanks. But, as u know i've been trying to write a deceder function So it goes something like this: My_decoder_fun(..) { proto_tree *my_tree; proto_item *te; te = proto_tree_add_text(tree, tvb, offset, 1, val_to_str(MY_EXT_VAL, gtp_val, "Unknown message")); my_tree = proto_item_add_subtree(te, my_tree); proto_tree_add_item(my_tree, hf_to_be_described, tvb, offset+1, 2, FALSE); .. . . .. .. . .. regards, Prashanth } Now i found it difficult to build the definition for hf_to_be_described in the poto_reg_gtp function and in the array hf_register_info hf_gtp[]. Hence what i want to know is that, is it possible to have a NULL value as the second argument instead of a hf_... And if a hf_ is very much necessary then how to build it.Anders Broman [EMAIL PROTECTED] wrote: Hi,What you probably want to do is to change the current code to somethinglike:static intdecode_gtp_priv_ext(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,proto_tree *tree) {guint16 length, ext_id;proto_tree *ext_tree_priv_ext;proto_item *te;tvbuff_t *new_tvb;te = proto_tree_add_text(tree, tvb, offset, 1,val_to_str(GTP_EXT_PRIV_EXT, gtp_val, "Unknown message"));ext_tree_priv_ext = proto_item_add_subtree(te, ett_gtp_ext);offset++;length = tvb_get_ntohs(tvb, offset);proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_length, tvb,offset, 2, FALSE);offset = offset+2;if (length = 2) {ext_id = tvb_get_ntohs(tvb, offset);proto_tree_add_uint(ext_tree_priv_ext, hf_gtp_ext_id, tvb,offset, 2, ext_id);offset = offset+2;/** XXX - is this always a text string? Or should it be* displayed as hex data?*/if (length 2)proto_tree_add_item(ext_tree_priv_ext,hf_gtp_ext_val, tvb, offset, length-2, FALSE);switch (ext_id){case MY_MANUFACTURER_ID:new_tvb = tvb_new_subset(tvb, offset, length-2,length-2);dissect_private_ext_manufacturer_id(new_twb, pinfo,ext_tree_priv_ext)break;default:break;}}return 3+length;}BrgAnders-Ursprungligt meddelande-Från: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] För prashanth joshiSkickat: den 6 september 2006 22:52Till: Developer support list for WiresharkÄmne: Re: [Wireshark-dev] query regardinggtp_handlefuntionanddecoderfunction.Hi Anders,how r u...I have a query Anders.If we consider for example the following statement,proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_val, tvb, offset+5,length-2, FALSE);So length-2 bytes of data is added in to tree ,starting from the locationnumber ofset + 5 of tvb.My query is : is it absolutely necessary to have hf_gtp_ext_as the second argument when ever we want to add an item?Can not we do away with it by having a NULL as second argument instead? ( Ifound it difficult to understand how the contents of the proto_register_gtparray are built)And what would be the limitations if we try to add an item using theproto_tree_add_text( )instead ?regards,Prashanth"Anders Broman (AL/EAB)" <[EMAIL PROTECTED]>wrote:Hi,The function val_to_str(GTP_EXT_RAI, gtp_val, "Unknown message")); searches the svalue_string gtp-val for a match to GTP_EXT_RAI and if foundreturns the matching string, in this case"Routing Area Identity" if no match is found it will print "Unknownmessage".Best regardsAndersFrom: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshiSent: den 6 september 2006 09:25To: Developer support list for WiresharkSubject: Re: [Wireshark-dev] query regarding gtp_handlefuntionanddecoderfunction.Hi Anders, thanks.Now the things are much clearer. Now i understand why the return value fromthe decoder function is 3 + length. But yeah in val_to_str(GTP_EXT_XXX, gtp_val, "UNKNOWN"), is the string"UNKNOWN" concatenated with GTP_EXT_XXX and returned ?regards,Prashanth."Anders Broman (AL/EAB)" <[EMAIL PROTECTED]>wrote:Hi,Are you trying to add something thats defined in3GPP TS 29.060 or to dosometing for a nonstandard extension to the protocol?( 0x7F is also allready used (define GTP_EXT_CHRG_ID0x7F)).The code:while (gtpopt[++i].optcode)if (gtpopt[i].optcode == ext_hdr_val)break;offset = offset + (*gtpopt[i].decode)(tvb, offset, pinfo, gtp_tree);Will call the function pointed out by the Extension type (GTP_EXT_XXX) witha tvb containing the GTP message and the offset parameter pointing to theExtension type(octet 1 in the IE descriptions of TS 29.060)in the function you'll have to increase offset to pont to the byte you wantto "access".Best regardsAndersFrom: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshiSent: den 5 september 2006 17:35To: Developer support list for WiresharkSubject: Re: [Wireshark-dev] query regarding gtp_handle funtionanddecoderfunction.Hi Anders, Thanks for the reply.But I'm affraid i did not put the whole thing very clearly.I should have been more specific.Actually i need to have in the define statement the following : #define GTP_EXT_XXX 0x7f /*
Re: [Wireshark-dev] query regarding gtp_handlefuntionanddecoderfunction.
you MUST use a hf_ field as the second parameter. you can NOT use NULL since 1, NULL is not an integer and is therefore the WRONG type for the second parameter and would anyway give you a compiler error if you tried. 2, there are plenty of examples on how to use hf_fields in the code. please read the other similar dissectors and also the developers guide that DOES explain many of these questions. Look at other dissectors that do similar things. On 9/7/06, prashanth joshi [EMAIL PROTECTED] wrote: Hi Anders, thanks. But, as u know i've been trying to write a deceder function So it goes something like this: My_decoder_fun(..) { proto_tree *my_tree; proto_item *te; te = proto_tree_add_text(tree, tvb, offset, 1, val_to_str(MY_EXT_VAL, gtp_val, Unknown message)); my_tree = proto_item_add_subtree(te, my_tree); proto_tree_add_item(my_tree, hf_to_be_described, tvb, offset+1, 2, FALSE); .. . . .. .. . .. regards, Prashanth } Now i found it difficult to build the definition for hf_to_be_described in the poto_reg_gtp function and in the array hf_register_info hf_gtp[]. Hence what i want to know is that, is it possible to have a NULL value as the second argument instead of a hf_ ... And if a hf_ is very much necessary then how to build it. Anders Broman [EMAIL PROTECTED] wrote: Hi, What you probably want to do is to change the current code to something like: static int decode_gtp_priv_ext(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree) { guint16 length, ext_id; proto_tree *ext_tree_priv_ext; proto_item *te; tvbuff_t *new_tvb; te = proto_tree_add_text(tree, tvb, offset, 1, val_to_str(GTP_EXT_PRIV_EXT, gtp_val, Unknown message)); ext_tree_priv_ext = proto_item_add_subtree(te, ett_gtp_ext); offset++; length = tvb_get_ntohs(tvb, offset); proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_length, tvb, offset, 2, FALSE); offset = offset+2; if (length = 2) { ext_id = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(ext_tree_priv_ext, hf_gtp_ext_id, tvb, offset, 2, ext_id); offset = offset+2; /* * XXX - is this always a text string? Or should it be * displayed as hex data? */ if (length 2) proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_val, tvb, offset, length-2, FALSE); switch (ext_id){ case MY_MANUFACTURER_ID: new_tvb = tvb_new_subset(tvb, offset, length-2, length-2); dissect_private_ext_manufacturer_id(new_twb, pinfo, ext_tree_priv_ext) break; default: break; } } return 3+length; } Brg Anders -Ursprungligt meddelande- Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] För prashanth joshi Skickat: den 6 september 2006 22:52 Till: Developer support list for Wireshark Ämne: Re: [Wireshark-dev] query regarding gtp_handlefuntionanddecoderfunction. Hi Anders, how r u... I have a query Anders. If we consider for example the following statement, proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_val, tvb, offset+5, length-2, FALSE); So length-2 bytes of data is added in to tree ,starting from the location number ofset + 5 of tvb. My query is : is it absolutely necessary to have hf_gtp_ext_ as the second argument when ever we want to add an item? Can not we do away with it by having a NULL as second argument instead? ( I found it difficult to understand how the contents of the proto_register_gtp array are built) And what would be the limitations if we try to add an item using the proto_tree_add_text( ) instead ? regards, Prashanth Anders Broman (AL/EAB) wrote: Hi, The function val_to_str(GTP_EXT_RAI, gtp_val, Unknown message)); searches the svalue_string gtp-val for a match to GTP_EXT_RAI and if found returns the matching string, in this case Routing Area Identity if no match is found it will print Unknown message. Best regards Anders From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshi Sent: den 6 september 2006 09:25 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] query regarding gtp_handle funtionanddecoderfunction. Hi Anders, thanks. Now the things are much clearer. Now i understand why the return value from the decoder function is 3 + length. But yeah inval_to_str(GTP_EXT_XXX, gtp_val, UNKNOWN) , is the string UNKNOWN concatenated with GTP_EXT_XXX and returned ? regards, Prashanth. Anders Broman (AL/EAB) wrote: Hi, Are you trying to add something thats defined in 3GPP TS 29.060 or to do someting for a nonstandard extension to the protocol? ( 0x7F is also allready used (define GTP_EXT_CHRG_ID 0x7F)). The code: while (gtpopt[++i].optcode) if (gtpopt[i].optcode == ext_hdr_val) break; offset = offset + (*gtpopt[i].decode)(tvb, offset, pinfo, gtp_tree
Re: [Wireshark-dev] query regarding gtp_handlefuntionanddecoderfunction.
Hi, What you probably want to do is to change the current code to something like: static int decode_gtp_priv_ext(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree) { guint16 length, ext_id; proto_tree *ext_tree_priv_ext; proto_item *te; tvbuff_t *new_tvb; te = proto_tree_add_text(tree, tvb, offset, 1, val_to_str(GTP_EXT_PRIV_EXT, gtp_val, Unknown message)); ext_tree_priv_ext = proto_item_add_subtree(te, ett_gtp_ext); offset++; length = tvb_get_ntohs(tvb, offset); proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_length, tvb, offset, 2, FALSE); offset = offset+2; if (length = 2) { ext_id = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(ext_tree_priv_ext, hf_gtp_ext_id, tvb, offset, 2, ext_id); offset = offset+2; /* * XXX - is this always a text string? Or should it be * displayed as hex data? */ if (length 2) proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_val, tvb, offset, length-2, FALSE); switch (ext_id){ case MY_MANUFACTURER_ID: new_tvb = tvb_new_subset(tvb, offset, length-2, length-2); dissect_private_ext_manufacturer_id(new_twb, pinfo, ext_tree_priv_ext) break; default: break; } } return 3+length; } Brg Anders -Ursprungligt meddelande- Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] För prashanth joshi Skickat: den 6 september 2006 22:52 Till: Developer support list for Wireshark Ämne: Re: [Wireshark-dev] query regarding gtp_handlefuntionanddecoderfunction. Hi Anders, how r u... I have a query Anders. If we consider for example the following statement, proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_val, tvb, offset+5, length-2, FALSE); So length-2 bytes of data is added in to tree ,starting from the location number ofset + 5 of tvb. My query is : is it absolutely necessary to have hf_gtp_ext_ as the second argument when ever we want to add an item? Can not we do away with it by having a NULL as second argument instead? ( I found it difficult to understand how the contents of the proto_register_gtp array are built) And what would be the limitations if we try to add an item using the proto_tree_add_text( ) instead ? regards, Prashanth Anders Broman (AL/EAB) [EMAIL PROTECTED] wrote: Hi, The function val_to_str(GTP_EXT_RAI, gtp_val, Unknown message)); searches the svalue_string gtp-val for a match to GTP_EXT_RAI and if found returns the matching string, in this case Routing Area Identity if no match is found it will print Unknown message. Best regards Anders From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshi Sent: den 6 september 2006 09:25 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] query regarding gtp_handle funtionanddecoderfunction. Hi Anders, thanks. Now the things are much clearer. Now i understand why the return value from the decoder function is 3 + length. But yeah in val_to_str(GTP_EXT_XXX, gtp_val, UNKNOWN) , is the string UNKNOWN concatenated with GTP_EXT_XXX and returned ? regards, Prashanth. Anders Broman (AL/EAB) [EMAIL PROTECTED] wrote: Hi, Are you trying to add something thats defined in 3GPP TS 29.060 or to do someting for a nonstandard extension to the protocol? ( 0x7F is also allready used (define GTP_EXT_CHRG_ID 0x7F)). The code: while (gtpopt[++i].optcode) if (gtpopt[i].optcode == ext_hdr_val) break; offset = offset + (*gtpopt[i].decode)(tvb, offset, pinfo, gtp_tree); Will call the function pointed out by the Extension type (GTP_EXT_XXX) with a tvb containing the GTP message and the offset parameter pointing to the Extension type (octet 1 in the IE descriptions of TS 29.060) in the function you'll have to increase offset to pont to the byte you want to access. Best regards Anders From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshi Sent: den 5 september 2006 17:35 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] query regarding gtp_handle funtion anddecoderfunction. Hi Anders, Thanks for the reply. But I'm affraid i did not put the whole thing very clearly. I should have been more specific. Actually i need to have in the define statement the following : #define GTP_EXT_XXX 0x7f /* Satement 1 */ and then the ( extension field , function pointer) pair : ( GTP_EXT_XXX My_decode_fun) /* Statement 2 */ And then I need to check whether the value of the next byte is 0x30 , in the My_decode_fun(...), and then call decode_XXX(...) function. /* Statement 3 */ Now in decode_XXX(...) function shall i include the same code