Wireshark-dev: Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs

From: Leon Liu <leon.liu@xxxxxxxxxxxx>
Date: Fri, 16 Jul 2010 11:59:37 +0800
hi,
 
I've got the patch 33518 and compiled it to generate new .exe files (wireshark.exe and tshark.exe).
Then I checked the fieldname of IE 'Revision Level Indicator'.
If I open the .dump file using wireshark, I can catch the fieldname 'gsm_a.gm.rel_lev_ind'.
But when I use command 'tshark -r "gb_link1_05212010_test_00001_20100522012000.dump" -R 'gsm_a.dtap_msg_gmm_type == 0x2' -T fields -e gsm_a.gm.rel_lev_ind | less', nothing could be displayed.
I use command 'tshark -r "gb_link1_05212010_test_00001_20100522012000.dump" -R 'gsm_a.dtap_msg_gmm_type == 0x2' -T pdml | less' to have a close look.
The result is that the field name of 'Revision Level Indicator' is still null.
 
My question is why the source code that adds the new field name takes effect in wireshark.exe but not in tshark.
My goal is to use the format 'tshark -e fieldname' to output the value of a certain IE.
Is there any source code that should be modified to make the correlation between tshark and the code?
 
 
          <field name="" show=".10..... = 8PSK Power Capability: Power Class E2, 8PSK modulation capability in uplink" size="1" pos="67" value="cc"/>
          <field name="" show="...0.... = COMPACT Interference Measurement Capability: Not implemented" size="1" pos="67" value="cc"/>
          <field name="" show="....1... = Revision Level Indicator: The ME is Release &apos;99 onwards" size="1" pos="67" value="cc"/>
          <field name="" show=".....1.. = UMTS FDD Radio Access Technology Capability: UMTS FDD supported" size="1" pos="67" value="cc"/>
          <field name="" show="......0. = UMTS 3.84 Mcps TDD Radio Access Technology Capability: UMTS 3.84 Mcps TDD not supported" size="1" pos="67" value="cc"/>
          <field name="" show=".......0 = CDMA 2000 Radio Access Technology Capability: CDMA 2000 not supported" size="1" pos="67" value="cc"/>


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Wednesday, July 14, 2010 11:10 PM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs

Leon Liu skrev 2010-07-14 15:01:
hi Anders,
 
how to get your fixed patch?
Maybe it's common sense, but I've only set foot in development of wireshark for a short time, so give me some tips.
thank you very much!

You can follow the link in the commit mail:
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=33518
Looking more closely at the result, bit_offset may be off by one.
I may not have the time to look into that for a while.
Regards
Anders



From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Wednesday, July 14, 2010 8:04 PM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs

Leon Liu skrev 2010-07-14 11:11:
hi,
 
Firstly, thanks to Sake for your useful tips, it works very well.
But another problem blocked my way to success. Let me explain it in more detail.
 
1. I choose IE 'Revision Level Indicator' for the first attempt.
 
$ fgrep -Ril --include "*.[ch]" --exclude "*svn*" "Revision Level Indicator" *
epan/dissectors/packet-bssgp.c
epan/dissectors/packet-gsm_a_gm.c
 
2. I found that source file 'epan/dissectors/packet-bssgp.c' takes charge of dissecting the protocol. It has nothing to do with the fieldname, so I don't need to dig into it.
 
3. So I dug into file 'epan/dissectors/packet-gsm_a_gm.c' to find the way to add a field name for 'Revision Level Indicator'. Below is the code I added.
 
                a. declare the field name I want to add
                /*leon*/
                static int hf_gsm_a_gm_rel_lev_ind = -1;
                /*leon*/
               
                b. replace function 'proto_tree_add_text' by 'proto_tree_add_bits_item'-------> I'm not very clear about this part of the code, I just copied the code of another IE.
                /*leon*/
                /*
                * Revision Level Indicator
                */
                bits_needed = 4;
                GET_DATA;
 
                proto_tree_add_bits_item(tf_tree, hf_gsm_a_gm_rel_lev_ind, tvb, bit_offset, 4, FALSE);
                bit_offset+=4;
               
                curr_bits_length -= bits_needed;
                oct <<= bits_needed;
                bits_in_oct -= bits_needed;
                /*leon*/
 
                c. setup fieldname I want to add
                /*leon*/
       
                { &hf_gsm_a_gm_rel_lev_ind,
                { "Revision Level Indicator", "gsm_a.gm.rel_lev_ind",
                  FT_UINT24, BASE_HEX, NULL, 0x0,
                NULL, HFILL }
                },
                /*leon*/
 
4. compile the modified source code and run wireshark to see the result. Below shows the result. It can't be dissected correctly. I doubt part b in red above could cause the problem probably.
 
Could anyone check my fresh code and help me to solve my problem?

You got the length wrong, I committed a "fixed" patch in revision 33518.
Have a look at it to see how to proceed :-)

Thank you!
 
 
Best Regards
Leon
 
 
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
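
Added example (not part of the original thread, and not the code from revision 33518): a stand-alone C sketch of MSB-first bit extraction over the octet 0xcc shown in the PDML output, comparing a 1-bit read at the Revision Level Indicator position with a 4-bit read like the one in the posted code and with an off-by-one offset. `get_bits` and `read_field` are hypothetical helpers, not Wireshark APIs; the in-octet offset 4 is taken from the `....1...` mask.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the single octet the PDML output shows as value="cc". */
static const uint8_t SAMPLE[] = { 0xcc };

/* Hypothetical helper (not a Wireshark API): read nbits (1..32) starting at
 * bit_offset, numbering bits MSB-first from the start of buf.
 * Sets *ok to 0 and returns 0 if the read would run past the buffer. */
static uint32_t get_bits(const uint8_t *buf, size_t len, size_t bit_offset,
                         unsigned nbits, int *ok)
{
    uint32_t v = 0;
    *ok = 0;
    if (nbits == 0 || nbits > 32 || bit_offset > len * 8 ||
        nbits > len * 8 - bit_offset)
        return 0;
    for (unsigned i = 0; i < nbits; i++) {
        size_t b = bit_offset + i;
        v = (v << 1) | ((buf[b / 8] >> (7 - b % 8)) & 1u);
    }
    *ok = 1;
    return v;
}

/* Read a field from SAMPLE; -1 means the request was out of bounds. */
static long read_field(size_t bit_offset, unsigned nbits)
{
    int ok;
    uint32_t v = get_bits(SAMPLE, sizeof SAMPLE, bit_offset, nbits, &ok);
    return ok ? (long)v : -1;
}

int main(void)
{
    printf("1 bit  @4: %ld (Revision Level Indicator)\n", read_field(4, 1));
    printf("4 bits @4: %ld (also swallows the next three flags)\n", read_field(4, 4));
    printf("1 bit  @3: %ld (off by one: COMPACT flag instead)\n", read_field(3, 1));
    printf("4 bits @6: %ld (rejected: past end of data)\n", read_field(6, 4));
    return 0;
}
```

The bounds check matters in a dissector because the offset and length are applied to captured, untrusted packet data.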