Hi Forum,
I am trying to write a dissector for a protocol. I cannot figure out how to display a sub tree PLUS box and sub fields.
I have created a simple example of what I have done.
My protocol has UINT16 message length followed FCOD (UNIT8). I want to use this FCODE as a subtree and have a PLUS box and sub fields, but I have been unable to get it to work.
I am expecting to see
+FOO Protocol
Message Length 1234
+FCODE
FLAGS
Thanks
Stuart
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <epan/packet.h>
#define FOO_PORT 2000
static int hf_header_message_length = -1;
static int hf_header_fcode = -1;
static int hf_fcode_flag = -1;
static int ett_fooheader = -1;
static int ett_foosegment = -1;
static int proto_foo = -1;
// define protocol names, register structure
void proto_register_foo(void)
{
static hf_register_info hf[] = {
{ &hf_header_message_length,
{ "Message Length", "foo.msglength",
FT_UINT16, BASE_DEC,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_header_fcode,
{ "Function Code", "foo.FCode",
FT_UINT8, BASE_HEX,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_fcode_flag,
{ "Fcode Flags", "foo.Fcode.flags",
FT_UINT8, BASE_HEX,
NULL, 0x0,
NULL, HFILL }
}
};
static int *ett[] = {
&ett_fooheader, //foo header
&ett_foosegment
};
proto_foo = proto_register_protocol (
"FOO Potocol", // name
"FOO", // short name
"foo" // abb ref
);
proto_register_field_array(proto_foo, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
static void dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
int offset = 0;
guint8 fcode = 0;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO");
// Clear out stuff in the info column
col_clear(pinfo->cinfo,COL_INFO);
if (tree) { // in case that someone wants to know some details of our protocol
proto_item *ti = NULL;
proto_tree *header_tree = NULL;
ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); // Grab all the data from the TCP Layer
header_tree = proto_item_add_subtree(ti, ett_fooheader);
proto_tree_add_item(header_tree, hf_header_message_length, tvb, offset, 2, ENC_BIG_ENDIAN);
offset +=2;
fcode = tvb_get_guint8(tvb, offset);
if (fcode = 0x00) {
proto_tree *sub_tree = NULL;
sub_tree = proto_item_add_subtree(header_tree, ett_foosegment);
proto_tree_add_item(sub_tree, hf_fcode_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
offset++;
}
}
}
void proto_reg_handoff_foo(void) {
static dissector_handle_t foo_handle;
foo_handle = create_dissector_handle(dissect_foo, proto_foo);
dissector_add_uint("tcp.port", FOO_PORT, foo_handle);
}
asked 04 Dec ‘12, 01:18
StuieNorris
6●5●5●7
accept rate: 0%
edited 04 Dec ‘12, 13:45
Guy Harris ♦♦
17.4k●3●35●196
(Presumably that should be
if (fcode == 0x00), asif (fcode = 0x00)will setfcodeto 0 and return 0 as the result, so the test will always fail. Fun with C….)