Wireshark-dev: Re: [Wireshark-dev] Query regarding GTP protocol

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Mon, 25 Sep 2006 16:35:01 +0200

Hi,

I assume GTP’ (GTP prime) transfers the CDR data in a “Data record packet”; those are decoded in the GTP dissector by:

decode_gtp_data_req()

And the actual payload by:

    if (gtpcdr_handle) {
        next_tvb = tvb_new_subset (tvb, offset, -1, -1);
        call_dissector (gtpcdr_handle, next_tvb, pinfo, tree);
    }
    else
        proto_tree_add_text (tree, tvb, offset, 0, "Data");

I assume you’ll need to implement a gtpcdr dissector and make it register “as” gtpcdr_handle…

If you could supply a small reference trace it might be easier to assist.

Brg

Anders

-----Original message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of prashanth joshi
Sent: 24 September 2006 23:21
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query regarding GTP protocol

Hi,

I need to parse a GTP' packet containing in its message field the G-CDR and then the SRecord. SRecord is the record defined by us.

Now obviously I need to add code to Ethereal to do this.

I plan to check for the type fields in the payload of the packet myself and then call the corresponding decoding functions for those fields. This, I feel, will give me more control over the execution of the code.

Now I would like to know where it would be best to add the code.

Shall I add the parsing code for both the G-CDR and the SRecord in the decode_gtp_tr_comm( ........) function?

In the above function the return value is 2 --- is this the offset returned?

In that case let us assume that I have parsed the contents of the G-CDR and SRecord in the decode_gtp_tr_comm( ) function. Now, if I return from the function decode_gtp_tr_comm( ) the value ( 2 + number of bytes in G-CDR + the number of bytes in SRecord ), would that be correct?

Or do I need to add the parsing code in dissect_gtp( )?

Which is better?

And if I call the decoder functions such as decode_gtp_imsi( ) or decode_gtp_msisdn( ) directly from the function decode_gtp_tr_comm( ), would that be correct?

And one final thing: are all the functions to decode each of the fields in G-CDR provided in Ethereal, or do I have to write at least some of the decoder functions for the parsing of the G-CDR fields? I have found some of the functions but still have to search for the other functions for decoding the G-CDR fields. However, for SRecord fields I obviously have to write my own decoder functions.

Thanks a lot,

Prashanth