Wireshark-bugs: [Wireshark-bugs] [Bug 6153] Wireshark plugin for CSG2 R6 interface.
Date: Thu, 20 Oct 2011 11:58:20 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6153 --- Comment #21 from Anders Broman <anders.broman@xxxxxxxxxxxx> 2011-10-20 11:58:15 PDT --- > It seems I'm missing a proper conversion from plugin dissector to builtin > dissector conversion. I tried to find the guidelines for built-in dissector on > wireshark.org but there is coding guidelines given for plugin dissector but I > failed to find any detailed guide steps for built-in dissector. Can you please > share any document guide for coding of built-in dissector. There is no difference in how to code the dissection code between a built in dissector and a plugin, see README.developer for advice on how to code and look at other dissectors. > I'm still unable to understand this comments "use the dissector table for CDR:s > in packet-gtp.c". Please share some guidelines for builtin dissector, it will > help me to understand the format. > > Thanks I'm assuming that Cisco implements the GTP part according to 3GPP Specification 3GPP TS 29.060 and as there allready exists a GTP dissctor (packet-gtp.c) there s no need to duplicate that part. Using the trace included in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5972 selecting packet 305 and doing "decode as" GTP the packet dissects as No. Time Source Destination Protocol Info 305 2011-05-20 04:49:09.275221 10.0.43.18 10.0.43.182 GTP Data record transfer request Frame 305: 437 bytes on wire (3496 bits), 437 bytes captured (3496 bits) Ethernet II, Src: Cisco_4d:97:ec (00:23:33:4d:97:ec), Dst: D-Link_a7:95:c3 (00:1e:58:a7:95:c3) Internet Protocol Version 4, Src: 10.0.43.18 (10.0.43.18), Dst: 10.0.43.182 (10.0.43.182) User Datagram Protocol, Src Port: 6000 (6000), Dst Port: 6666 (6666) GPRS Tunneling Protocol Flags: 0x0f Message Type: Data record transfer request (0xf0) Length: 389 Sequence number: 0x04e3 Packet transfer command: Send data record packet (1) Data record packet Length: 384 Number of data records: 4 Data record format: 49 Proprietary or un documented format Which looks ok. Packet-gtp.c register register_dissector_table("gtp.cdr_fmt", "GTP DATA RECORD TYPE", FT_UINT16, BASE_DEC); You coud register in this table for data record type 49(which could be a preference) by doing dissector_add_uint("gtp.cdr_fmt", 49, proto_hsndle_foo); proto_habdle_foo beeing the handle of your dissector. Hmm looking at the GTP code that might currently not work but should be fixed in the GTP dissector. Regards Anders -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
- Prev by Date: [Wireshark-bugs] [Bug 5730] Dissector for HSR and PRP-1
- Next by Date: [Wireshark-bugs] [Bug 6474] CAPv2 decoding: initialDPArgExtension is not well decoded
- Previous by thread: [Wireshark-bugs] [Bug 6153] Wireshark plugin for CSG2 R6 interface.
- Next by thread: [Wireshark-bugs] [Bug 6445] New: Ethernet CFM MAID decode error
- Index(es):
- Get Wireshark
- Download
- Code of Conduct