This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to use array fields in a dissector???

0

I am writing a dissector for cluster heartbeat packets for NetScaler. I am facing an issue with a field named LVS. Actually it is a 4 byte integer. But it refers to a set of nodes in the view set. The set can be as big as 32.

So I have used the following code to show all the nodes in the LVS (from the trace)

declare array variable - static int hf_hb_cl_lvs[32];

Register this array variable in the register function.

To display in the tree::

for(i=0; i<31; i++) { if(hf_hb_cl_lvs[i] != 0x00000000) { proto_tree_add_item(.................parameters.................); } offset+=4; }

The issue is that this piece of code adds only the first node from the byte stream to the tree in the display. It does not add any node beyond that.

Please help me with the code here??

Regards, Sidharth

This question is marked "community wiki".

asked 13 Jul '11, 07:02

sid's gravatar image

sid
45192021
accept rate: 0%


One Answer:

0

As indicated in Jaap's answer to your other question, you only need one static int hf_hb_cl_lvs, not an entire array. If you want to track them all separately in your dissection function, then you would need to declare the array at the top of the function, not as static to your dissector (as this indicates the information is shared across all packets of your protocol). To put that into code, it might resemble the following:

static int hf_hb_cl_lvs = -1;

static hf_register_info hf[] = { … {&hf_hb_cl_lvs, {"hb_cl_lvs", "foo.lvs", FT_UINT32, BASE_HEX, NULL, 0x0, "LVS", HFILL}} … }

static void dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { int i = 0; gint offset = 0; guint32 LVS[32];

...

for(i=0; i&lt;32; i++)
{
    LVS[i] = tvb_get_ntohl(tvb, offset);
    if(LVS[i] != 0)
    {
        proto_tree_add_item(tree, hf_hb_cl_lvs, tvb, offset, 4, 0);
    }
    offset += 4;
}

...

}

Obviously you’d need to change this (names, data types, strings, etc.) to make it logically fit your data, but this represents a starting point for similar tasks.

answered 22 Jul ‘11, 06:41

multipleinterfaces's gravatar image

multipleinte…
1.3k152340
accept rate: 12%