This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Thanks!

I used the private_data method and it worked perfectly.

Another thing i would like to do is register the CIC i got, using proto_register function, to allow me to filter the capture files using cic as criteria.

Is that possible?

Sorry if this is a dumb question, my experience with wireshark is really limited.

What i did to build and show the cic is this:

        cic = pinfo->private_data;

        cic = cic << 8 | tvb_get_guint8(tvb, 0);

        cic_item = proto_tree_add_text(tup_tree, tvb, 0, 0, "CIC: ");

        proto_item_append_text(cic_item, "%d", cic);

Thanks again.

asked 21 May '13, 09:59

Renan's gravatar image

Renan
26448
accept rate: 0%

converted 21 May '13, 10:43

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196


(OK, that's a separate question, so I made it into a separate question; this is a Q&A site, not a forum, so separate questions should be separate. The idea is that somebody who has a particular question can look here to see if it's already been answered and, if so, use the existing answer.)

The CIC appears to be a 16-bit field, displayed in decimal.

Therefore, you should:

  • add to the list of hf_ variables a variable named hf_{protocol}_cic (where {protocol} is the name of your protocol);
  • add to the list of named fields, passed to proto_register_field_array(), an entry

    { &hf_{protocol}_version, 
      { "CIC", "{protocol}.cic", FT_UINT16, BASE_DEC,
        NULL, 0x0, NULL, HFILL }},
    
  • after you've calculated the CIC value by combining the value passed to you by the other protocol and the value extracted from your protocol's data, add it to the protocol tree with proto_tree_add_uint(hf_{protocol}_cic, tup_tree, tab, 0, 0, cic);

And that's it! You might want to pass 0, 1 rather than 0, 0, so that the entry covers the byte from your protocol's data that's used in calculating the CIC, and you might want to do

cic_item = proto_tree_add_uint(hf_{protocol}_cic, tup_tree, tab, 0, 0, cic);
PROTO_ITEM_SET_GENERATED(cic_item);

to flag it as "generated" to indicate that it's not solely derived from your protocol's data.

permanent link

answered 21 May '13, 10:53

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

My original answer-to-a-question-in-a-comment (before Guy wisely converted that comment into this new question; I'm leaving it as a comment because it's mostly redundant with Guy's more-complete answer above):

As the name implies, only protocols should be registered with proto_register(). To make fields filterable you need to add them with proto_tree_add_item() (preferred) or, for example (and which would actually be better in your case), proto_tree_add_uint(). The hf entry is what makes the field filterable.

(As a general note: anything you add to the tree with proto_tree_add_text() is not filterable; therefore that function is strongly discouraged except for some uses as described in README.developer.)

(21 May '13, 11:10) JeffMorriss ♦

Thank you very much Guy and Jeff, for the help. It worked great!

Just a small heads up, the tree argument on proto_tree_add_uint() comes first, like this:

proto_tree_add_uint(hf_{protocol}_cic, tup_tree, tab, 0, 0, cic);

(22 May '13, 05:18) Renan
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×34
×8

question asked: 21 May '13, 09:59

question was seen: 1,558 times

last updated: 22 May '13, 06:04

p​o​w​e​r​e​d by O​S​Q​A