This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Need help in understanding purpose of following statements in proto_register

Hello, I am trying to create a script to document the structure of the protocol which the dissector is dissecting. I started working with -> epan_dissectors_packet-gtpv2.c, and parsed that file to get tokens. Can someone please explain the significance and usage of the following lines of code, i.e. what exactly is the code doing? (I got the idea about Line1, but would still like the experts' opinion.)

Line1

static hf_register_info hf_gtpv2[] = {
    { &hf_gtpv2_spare_half_octet,
      {"Spare half octet", "gtpv2.spare_half_octet",
       FT_UINT8, BASE_DEC, NULL, 0x0,
       NULL, HFILL }
    }

Line2

/* Generated from convert_proto_tree_add_text.pl */
  { &hf_gtpv2_transparent_container, { "Transparent Container", "gtpv2.transparent_container", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},

Line3

static ei_register_info ei[] = {
    { &ei_gtpv2_ie_data_not_dissected, { "gtpv2.ie_data_not_dissected", PI_UNDECODED, PI_NOTE, "IE data not dissected yet", EXPFILL }},

Line4

expert_gtpv2 = expert_register_protocol(proto_gtpv2);
expert_register_field_array(expert_gtpv2, ei, array_length(ei));

Line5

dissector_add_uint("diameter.3gpp", 22, new_create_dissector_handle(dissect_diameter_3gpp_uli, proto_gtpv2));

Line6

gtpv2_priv_ext_dissector_table = register_dissector_table("gtpv2.priv_ext", "GTPv2 PRIVATE EXT", FT_UINT16, BASE_DEC);

asked 10 Jun '15, 12:43

bhardwaj_rajesh


One Answer:

I would suggest getting a copy of the Wireshark source code and studying the file doc/README.dissector. It is all explained in there, with even more details to be found in the relevant header files.

answered 11 Jun '15, 04:14

Jaap ♦

As Jaap says, the header fields and expert info are explained elsewhere, I think.

Line5

Adds a callback to the dissector table "diameter.3gpp" for "number 22" used to do further dissection of 3GPP AVP 22.

Line6

Create a dissector table where dissectors can register callbacks, in this case to dissect IE GTPv2 PRIVATE EXT. The vendor Id is used as the "number". So when a private IE is dissected in GTPv2, the dissector checks if there is a callback for this vendor, and if one is found the vendor specific dissector is called to dissect this vendor specified IE. No vendor specific dissectors for GTPv2 exist in the GPL version.

(11 Jun '15, 04:42) Anders ♦
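The register-then-dispatch pattern described in the comment above, as a simplified stand-alone model (an added example, not Wireshark's code and not written by any poster on this page). The `model_*` names, the vendor number 9999 and the sample bytes are constructed for illustration; rejecting duplicate keys is a choice of this model.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ENTRIES 8

/* A handler returns the number of bytes it dissected. */
typedef int (*model_dissector_t)(const uint8_t *data, size_t len);

typedef struct {
    const char *name;                       /* table name, e.g. "gtpv2.priv_ext" */
    uint32_t keys[MAX_ENTRIES];             /* the "number" (vendor id, AVP code) */
    model_dissector_t handlers[MAX_ENTRIES];
    size_t count;
} model_table_t;

/* Register a callback under a number: 0 on success, -1 if the table is
 * full, the handler is NULL, or the key is already taken (model choice). */
static int model_add_uint(model_table_t *t, uint32_t key, model_dissector_t h)
{
    if (h == NULL || t->count >= MAX_ENTRIES) return -1;
    for (size_t i = 0; i < t->count; i++)
        if (t->keys[i] == key) return -1;
    t->keys[t->count] = key;
    t->handlers[t->count] = h;
    t->count++;
    return 0;
}

/* Dispatch on a number: returns what the handler consumed, or 0 when no
 * handler is registered, so the caller falls back to showing raw bytes. */
static int model_try_uint(const model_table_t *t, uint32_t key,
                          const uint8_t *data, size_t len)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->keys[i] == key) return t->handlers[i](data, len);
    return 0;
}

/* Hypothetical vendor-specific dissector: consumes the whole IE value. */
static int dissect_vendor_example(const uint8_t *data, size_t len)
{
    (void)data;
    return (int)len;
}

int main(void)
{
    model_table_t priv_ext = { .name = "gtpv2.priv_ext" };
    const uint8_t ie_value[] = { 0x01, 0x02, 0x03 };   /* constructed sample */
    model_add_uint(&priv_ext, 9999, dissect_vendor_example);
    printf("vendor 9999 -> %d\n", model_try_uint(&priv_ext, 9999, ie_value, sizeof ie_value));
    printf("vendor 1234 -> %d\n", model_try_uint(&priv_ext, 1234, ie_value, sizeof ie_value));
    return 0;
}
```

The second lookup returns 0, which corresponds to the case in the comment where no vendor specific dissector is registered and the private IE stays undissected.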

README.dissector can be found here.

(11 Jun '15, 05:16) grahamb ♦