My dissector code is able to detect packets(i can see in protocol column)but its not able to dissect fields of query packet or response packet .Written code taking reference from "foo".
static void dissect_mc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
char st[]=
gint offset = 0;
int packettype;
packettype=classify_mc_packet(pinfo);
col_set_str(pinfo->cinfo, COL_PROTOCOL, "MC");
/* Clear out stuff in the info column */
col_clear(pinfo->cinfo,COL_INFO);
if (packettype==QUERY_PACKET)
{
if (tree)
{/* we are being asked for details */
proto_item *ti = NULL;
proto_tree *mc_tree = NULL;
ti = proto_tree_add_item(tree, proto_mc, tvb, 0, -1, ENC_NA);
mc_tree = proto_item_add_subtree(ti, ett_mc);
proto_tree_add_item(mc_tree, hf_mc_subheader, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
proto_tree_add_item(mc_tree, hf_mc_pcnumber, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
proto_tree_add_item(mc_tree, hf_mc_monitortimer, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(mc_tree, hf_mc_headdevnumber, tvb, offset, 4, ENC_LITTLE_ENDIAN);
offset += 4;
proto_tree_add_item(mc_tree, hf_mc_devicename, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(mc_tree, hf_mc_devicepoints, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
proto_tree_add_item(mc_tree, hf_mc_terminator, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
}
}
else if (packettype==RESPONSE_PACKET)
{
if(tree)
{
proto_item *ti = NULL;
proto_tree *mc_tree = NULL;
ti = proto_tree_add_item(tree, proto_mc, tvb, 0, -1, ENC_NA);
mc_tree = proto_item_add_subtree(ti, ett_mc);
proto_tree_add_item(mc_tree, hf_mc_subheader, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
proto_tree_add_item(mc_tree, hf_mc_subheader, tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 2;
}
else return;
}</code></pre><p>other functions seem to be right..what is the mistake in this function?Thanx..</p></div><div id="question-tags" class="tags-container tags"><span class="post-tag tag-link-dissector" rel="tag" title="see questions tagged 'dissector'">dissector</span></div><div id="question-controls" class="post-controls"></div><div class="post-update-info-container"><div class="post-update-info post-update-info-user"><p>asked <strong>16 May '13, 02:26</strong></p><img src="https://secure.gravatar.com/avatar/f48b4f4f35dc1e8a66425e223c958173?s=32&d=identicon&r=g" class="gravatar" width="32" height="32" alt="chin12's gravatar image" /><p><span>chin12</span><br />
6●2●3●7
accept rate: 0%
edited 16 May ‘13, 02:30
SYN-bit ♦♦
17.1k●9●57●245
I debugged the code and found control not entering classify_mc_packet(),dissect_mc() though it enters proto_register_mc and proto_reg_handoff_mc mc.The fn is defined as :
Has anything gone corrupt? I have written it on lines of foo dissector?plz look at the code and help me figure out where's the fault?plz reply soon..
According to the sample code you provided, the classify_mc_packet should be instead:
doesn't make any difference..control is not going inside the bracket..btw..why tvbuff_t tvb and why not packet_info pinfo(as in "foo"protocol)?
Anybody can think of any other reason?The above code had worked once but i modified lateron w/o backup.plzz help soon
Packet_info contains some information on the context of the current packet, while tvb contains the packet itself (that can be accessed via all the tvb_* functions).
In your code you were passing the pinfo pointer to classify_mc_packet without even using it. What was the purpose of this?
It looks like you want to check the subheader value that is in the first byte of the payload. That's why you need the tvb_get_guint8(tvb, 0) call (to retrieve the byte at offset 0). I do not see how classify_mc_packet would not be called IF dissect_mc is being called. As you stated that you can see your "MC" string in the protocol column, it means that dissect_mc is called. If dissect_mc is not called, it means that you did not register your dissector correctly and did not indicate Wireshark when to call it (based on a port number for example,... ).
I highly recommend you to have a read of doc/README.developer document to understand the difference between tvb and packet_info and how to register your dissector.
Agreed and made changes but in vain..here's reqd routines: Debugging shows no control flow inside dissect and classify routine."MC" might be displayed in protocol column due to some plugins added with the source code in the beginning.
void proto_reg_handoff_mc(void) {
} and void proto_register_mc(void) {
}
someone please help..
To help you further please post a) your complete dissector code and b) a sample capture containing your protocol somewhere where others can access them.
Please also bear in mind that any that do help are effectively debugging your code for free.
pascal,you were right..its working..thanks a lot.. Graham,i am really grateful and indebted to people replying here.. Now,i need a litle help.. i am seeing query packet dissections properly but there is no reply packet getting dissected.Morever,the capture does not list any reply packet too..plz check the code above..thanks
A/c above code, for devicename field (2 bytes) i am getting ascii value(numerical)value as devicename :3268(space and D) IF i modify that as proto_tree_add_item(mc_tree, hf_mc_devicename, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; proto_tree_add_item(mc_tree, hf_mc_devicename, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; i get devicename :32 devicename :68
but I want to display as devicename : D FOLLOWED BY SPACE ,i mean how to use FT_STRING feature here ..and in FUNCTION proto_reg_mc,i have { &hf_mc_devicename, { “MC Devicename”, “mc.devicename”, FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } Do i have to modify/write my proto_tree_add_item function(proto.c)?REgisters i am dealing with has single character and 2 character address format .PLeas reply soon..thanx
Simply replace { &hf_mc_devicename, { “MC Devicename”, “mc.devicename”, FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } by { &hf_mc_devicename, { “MC Devicename”, “mc.devicename”, FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } and do proto_tree_add_item(mc_tree, hf_mc_devicename, tvb, offset, 2, ENC_ASCII|ENC_NA);