maybe studying the code, reading the documentation and looking at
other dissectors will reveal the answer?
On 9/8/06, prashanth joshi <[EMAIL PROTECTED]> wrote:
>
>
> Hi,
> My query is :
> How to add a string i.e. a string which is part of the gtp packet , to the
> tree.
> I feel proto_tree_add_string ( ) wont work becos:
> suppose packet contains an integer value, then val_to_str( ) operates on
> that value and then returns a string. Now proto_tree_add_string ( ) adds
> this string to the
> tree.
> How ever if we have a string itself in the gtp packet, then how we will
> add that string to the tree. Fopr example, the incoming gtp packets are
> supposed to contain the names of the customers. Certainly the names will be
> dynamic and will be varying.
> So we can not use proto_tree_add_string ( ).
> So what may be the solution for this
> regards,
> Prashanth
>
> ronnie sahlberg <[EMAIL PROTECTED]> wrote:
> you MUST use a hf_ field as the second parameter.
>
> you can NOT use NULL since
> 1, NULL is not an integer and is therefore the WRONG type for the
> second parameter and would anyway give you a compiler error if you
> tried.
> 2, there are plenty of examples on how to use hf_fields in the code.
>
>
> please read the other similar dissectors and also the developers guide
> that DOES explain many of these questions.
> Look at other dissectors that do similar things.
>
>
>
>
>
> On 9/7/06, prashanth joshi
> wrote:
> > Hi Anders,
> > thanks.
> > But, as u know i've been trying to write a deceder function
> > So it goes something like this:
> > My_decoder_fun(..........)
> > {
> > proto_tree *my_tree;
> > proto_item *te;
> >
> >
> >
> > te = proto_tree_add_text(tree, tvb, offset, 1,
> > val_to_str(MY_EXT_VAL, gtp_val, "Unknown message"));
> > my_tree = proto_item_add_subtree(te, my_tree);
> >
> > proto_tree_add_item(my_tree, hf_to_be_described, tvb,
> > offset+1, 2, FALSE);
> > .............. .....................................
> > .....................
> > .......................... ...................... .................
> > ......
> > regards,
> > Prashanth
> >
> >
> > }
> > Now i found it difficult to build the definition for hf_to_be_described in
> > the poto_reg_gtp function and in the array hf_register_info hf_gtp[].
> > Hence what i want to know is that, is it possible to have a NULL value as
> > the second argument instead of a hf_ ...........
> > And if a hf_ is very much necessary then how to build it.........
> >
> > Anders Broman wrote:
> > Hi,
> > What you probably want to do is to change the current code to something
> > like:
> > static int
> > decode_gtp_priv_ext(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
> > proto_tree *tree) {
> >
> > guint16 length, ext_id;
> > proto_tree *ext_tree_priv_ext;
> > proto_item *te;
> > tvbuff_t *new_tvb;
> >
> > te = proto_tree_add_text(tree, tvb, offset, 1,
> > val_to_str(GTP_EXT_PRIV_EXT, gtp_val, "Unknown message"));
> > ext_tree_priv_ext = proto_item_add_subtree(te, ett_gtp_ext);
> >
> > offset++;
> > length = tvb_get_ntohs(tvb, offset);
> > proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_length, tvb,
> > offset, 2, FALSE);
> > offset = offset+2;
> > if (length >= 2) {
> > ext_id = tvb_get_ntohs(tvb, offset);
> > proto_tree_add_uint(ext_tree_priv_ext, hf_gtp_ext_id, tvb,
> > offset, 2, ext_id);
> > offset = offset+2;
> >
> > /*
> > * XXX - is this always a text string? Or should it be
> > * displayed as hex data?
> > */
> > if (length > 2)
> > proto_tree_add_item(ext_tree_priv_ext,
> > hf_gtp_ext_val, tvb, offset, length-2, FALSE);
> > switch (ext_id){
> > case MY_MANUFACTURER_ID:
> > new_tvb = tvb_new_subset(tvb, offset, length-2,
> > length-2);
> > dissect_private_ext_manufacturer_id(new_twb, pinfo,
> > ext_tree_priv_ext)
> > break;
> > default:
> > break;
> > }
> > }
> >
> > return 3+length;
> > }
> >
> > Brg
> > Anders
> > -----Ursprungligt meddelande-----
> > Från: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] För prashanth joshi
> > Skickat: den 6 september 2006 22:52
> > Till: Developer support list for Wireshark
> > Ämne: Re: [Wireshark-dev] query regarding
> > gtp_handlefuntionanddecoderfunction.
> >
> > Hi Anders,
> > how r u...
> > I have a query Anders.
> > If we consider for example the following statement,
> > proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_val, tvb, offset+5,
> > length-2, FALSE);
> >
> > So length-2 bytes of data is added in to tree ,starting from the location
> > number ofset + 5 of tvb.
> > My query is : is it absolutely necessary to have hf_gtp_ext_
> > as the second argument when ever we want to add an item?
> > Can not we do away with it by having a NULL as second argument instead? (
> I
> > found it difficult to understand how the contents of the
> proto_register_gtp
> > array are built)
> > And what would be the limitations if we try to add an item using the
> > proto_tree_add_text( ) instead ?
> > regards,
> > Prashanth
> >
> > "Anders Broman (AL/EAB)" wrote:
> > Hi,
> > The function val_to_str(GTP_EXT_RAI, gtp_val, "Unknown message"));
> > searches the svalue_string gtp-val for a match to GTP_EXT_RAI and if found
> > returns the matching string, in this case
> > "Routing Area Identity" if no match is found it will print "Unknown
> > message".
> >
> > Best regards
> > Anders
> >
> >
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshi
> > Sent: den 6 september 2006 09:25
> > To: Developer support list for Wireshark
> > Subject: Re: [Wireshark-dev] query regarding gtp_handle
> > funtionanddecoderfunction.
> > Hi Anders, thanks.
> > Now the things are much clearer. Now i understand why the return value
> from
> > the decoder function is 3 + length.
> > But yeah in val_to_str(GTP_EXT_XXX, gtp_val, "UNKNOWN") , is the string
> > "UNKNOWN" concatenated with GTP_EXT_XXX and returned ?
> > regards,
> > Prashanth.
> >
> > "Anders Broman (AL/EAB)" wrote:
> > Hi,
> > Are you trying to add something thats defined in 3GPP TS 29.060 or to do
> > someting for a nonstandard extension to the protocol?
> > ( 0x7F is also allready used (define GTP_EXT_CHRG_ID 0x7F)).
> >
> > The code:
> > while (gtpopt[++i].optcode)
> > if (gtpopt[i].optcode == ext_hdr_val)
> > break;
> > offset = offset + (*gtpopt[i].decode)(tvb, offset, pinfo, gtp_tree);
> >
> > Will call the function pointed out by the Extension type (GTP_EXT_XXX)
> with
> > a tvb containing the GTP message and the offset parameter pointing to the
> > Extension type
> > (octet 1 in the IE descriptions of TS 29.060)
> > in the function you'll have to increase offset to pont to the byte you
> want
> > to "access".
> > Best regards
> > Anders
> >
> >
> >
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshi
> > Sent: den 5 september 2006 17:35
> > To: Developer support list for Wireshark
> > Subject: Re: [Wireshark-dev] query regarding gtp_handle funtion
> > anddecoderfunction.
> > Hi Anders,
> > Thanks for the reply.
> > But I'm affraid i did not put the whole thing very clearly.
> > I should have been more specific.
> > Actually i need to have in the define statement the following :
> > #define GTP_EXT_XXX 0x7f /* Satement 1 */
> >
> > and then the ( extension field , function pointer) pair :
> > ( GTP_EXT_XXX My_decode_fun) /* Statement 2 */
> >
> > And then
> > I need to check whether the value of the next byte is 0x30 , in the
> > My_decode_fun(...),
> > and then call decode_XXX(...) function. /* Statement 3 */
> >
> > Now in decode_XXX(...) function shall i include the same code that u have
> > specified in your reply or that needs to be modified?
> > Also after Statement 2 , will the pointer tvb automatically incremented by
> > 1 or i have to explicitly increment it? This i need to know because i need
> > to compare the value 0x30 with the content of the next byte of tvb ( as
> > given in Statement 2 )
> >
> >
> > regards,
> > Prashanth
> >
> >
> >
> > "Anders Broman (AL/EAB)" wrote:
> > Hi,
> > Are you adding decoding of:
> > #define GTP_EXT_OMC_ID 0x8F /* 3G 143 TLV OMC Identity 7.7.42 */
> >
> > If so what you need to do is to add code in
> > Line 4487
> > static int
> > decode_gtp_omc_id(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
> > proto_tree *tree) {
> >
> > guint16 length;
> >
> > length = tvb_get_ntohs(tvb, offset + 1);
> >
> > proto_tree_add_text(tree, tvb, offset, 3+length, "%s length : %u",
> > val_to_str(GTP_EXT_OMC_ID, gtp_val, "Unknown"), length);
> >
> > return 3 + length;
> >
> > }
> >
> > To do the actual decoding.
> > Best regards
> > Anders
> >
> >
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of prashanth joshi
> > Sent: den 5 september 2006 12:06
> > To: [email protected]
> > Subject: [Wireshark-dev] query regarding gtp_handle funtion and
> > decoderfunction.
> > Hi all,
> > I'm adding a decoder for the gtp protocol. My query is :
> > 1 ) So gtp_handle will do the dissection. It refers to the file
> packet_gtp.c
> > .
> > Finds the hex value for example in the following statement :
> > #define GTP_EXT_XXX 0x8f
> > and then if its value in the header matches 0x8f, refers to the (val,
> > decode_fun) pair and then calls decode_fun to handle the decoding.
> > Now my question is : will the pointer tvb ( which is tvb_buff * tvb) be
> > incremented automatically when it enters the function decode_fun ? Or we
> > have to explicitly increment the pointer tvb in the decoder functin to
> > account for the byte containing 0x8f value in the tvb?
> >
> >
> > My other questions are :
> > 2) I'm trying to locate the file containing the definition for the
> function
> > gtp_handle. But I'm not able to find it. Kindly can one please tell me
> where
> > its definition is?
> >
> > 3) Before actually starting the decoding in our decode function what is
> the
> > code that we have to write and what that is for?
> >
> > regards,
> > Prashanth
> >
> > Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small
> > Business. _______________________________________________
> > Wireshark-dev mailing list
> > [email protected]
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
> >
> > Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates
> > starting at 1¢/min. _______________________________________________
> > Wireshark-dev mailing list
> > [email protected]
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
> >
> > Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small
> > Business. _______________________________________________
> > Wireshark-dev mailing list
> > [email protected]
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
> >
> >
> > Do you Yahoo!?
> > Get on board. You're invited to try the new Yahoo! Mail.
> >
> >
> > _______________________________________________
> > Wireshark-dev mailing list
> > [email protected]
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
> >
> >
> > ---------------------------------
> > Stay in the know. Pulse on the new Yahoo.com. Check it out.
> >
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>
> ---------------------------------
> Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+
> countries) for 2¢/min or
> less._______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>
>
> ---------------------------------
> Stay in the know. Pulse on the new Yahoo.com. Check it out.
>
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
