Wireshark-dev: Re: [Wireshark-dev] getting the time

From: philippe alarcon <philippe.alarcon@xxxxxxx>
Date: Thu, 21 Jan 2010 22:06:32 +0100
Hello Brian,

Maybe you could implement something like the following:

static gint hf_time = 0;

/* Protocol fields description */
static hf_register_info hf[] =
{
    ...

   { &hf_time,
   { "Date & time       ", "melodhy.time",
      FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},

   ...
};


   /* Add time value in the tree. Displayed as date + time */
   d_d.val_time = tvb_get_ntohl( tvb, d_d.val_data_offset );

   proto_tree_add_string_format_value( melodhy_tree,
       hf_time,
       tvb,
       d_d.val_data_offset,
       L_UINT32,
       "%s",
       abs_time_secs_to_str((time_t)d_d.val_time, FALSE) );


d_d is a structure that I use to memorise some variables.
You have to replace d_d.val_data_offset by your offset,
and to add the field description in your hf structure.

Philippe



> Date: Thu, 21 Jan 2010 14:59:01 -0500
> From: oleksab@xxxxxxxxxxxxxxxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] getting the time
>
> Guy
>
> I am not sure I follow you. Basically all I do is count packets based on
> what I know is in the packet.
>
> Here is the whole packet that I am dissecting: (See below)
>
> So when I get to Time.. I check for
> if ((fieldsAvail & 2) != 0)
> Then I look at the pointer (which will point me to the right set of bytes).
>
> But how I start the initial counting process is I do the following:
>
> guint8 * ptr = (guint8*) tvb->real_data;
>
> Actually..... maybe you can see your answer better in the code. I have
> attached the packet-helen.c file.
>
> Any help on how I can get and format the time is greatly appreciated.
>
> Thanks,
> Brian
>
>
>
> Field Size Notes Meaning
> Fields Available 1 Each bit of this byte indicates that a
> particular field is available in this message. See table below.
> Status 1/0 GPS status. 0 = Good, 1 = No Fix, 2 = Bad GPS Read
> Time 8/0 GPS Time of the transmitting system. This may be different
> than the system time.
> Longitude 4/0 Longitude in decimal degrees (float)
> Latitude 4/0 Latitude in decimal degrees (float)
> Altitude 4/0 Altitude in decimal meters (float)
> Bearing 4/0 Bearing in decimal degrees from north (float)
> Speed 4/0 Speed in decimal m/s (float)
> Number of Satellites 1/0 Number of satellites current fix is based on
>
> *Note:* Check *Fields Available* to determine if each field is present.
> For floating point fields, the floating point number is written in
> network byte order as if it were a four byte integer.
>
> Bit Mask   Field Referenced
> 1          Status
> 2          Time
> 4          Longitude
> 8          Latitude
> 16         Altitude
> 32         Bearing
> 64         Speed
> 128        Number of Satellites
>
>
>
> Guy Harris wrote:
> > On Jan 21, 2010, at 11:25 AM, Brian Oleksa wrote:
> >
> >
> >> It is a pointer into the data that I have constructed based on the data
> >> in the packet.
> >>
> >
> > So what do you have to do to the raw data in the packet to construct that buffer?
> >
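
Added example, not code from this thread or from Wireshark: a stand-alone, bounds-checked walk over the message layout quoted above, showing why each optional field needs a length check before it is read when the cursor is advanced by hand over raw bytes (inside a dissector, the tvb_get_* accessors perform that check). The names parse_gps, gps_msg, take and opt_f are hypothetical, and treating the 8-byte Time field as a raw big-endian integer is an assumption, since the thread does not state its encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bit masks from the "Fields Available" table in the quoted message. */
enum { F_STATUS = 1, F_TIME = 2, F_LON = 4, F_LAT = 8,
       F_ALT = 16, F_BEARING = 32, F_SPEED = 64, F_NSATS = 128 };

typedef struct {
    uint8_t  avail, status, nsats;
    uint64_t time_raw;  /* assumption: 8-byte big-endian integer, units unknown */
    float    lon, lat, alt, bearing, speed;
} gps_msg;

/* Read n (<= 8) big-endian bytes at *off; fail instead of reading past len. */
static int take(const uint8_t *b, size_t len, size_t *off, size_t n, uint64_t *out) {
    if (n > len || *off > len - n) return -1;  /* truncated packet */
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | b[*off + i];
    *off += n; *out = v;
    return 0;
}

/* Optional float: skipped when its bit is clear, -1 when flagged but missing. */
static int opt_f(const uint8_t *b, size_t len, size_t *off, int present, float *out) {
    uint64_t v = 0;
    if (!present) return 0;
    if (take(b, len, off, 4, &v)) return -1;
    uint32_t bits = (uint32_t)v;
    memcpy(out, &bits, sizeof bits);  /* float sent as a 4-byte network-order integer */
    return 0;
}

/* Returns the number of bytes consumed, or -1 if a flagged field is truncated. */
int parse_gps(const uint8_t *b, size_t len, gps_msg *m) {
    size_t off = 0; uint64_t v = 0;
    memset(m, 0, sizeof *m);
    if (take(b, len, &off, 1, &v)) return -1;
    m->avail = (uint8_t)v;
    if (m->avail & F_STATUS) { if (take(b, len, &off, 1, &v)) return -1; m->status = (uint8_t)v; }
    if ((m->avail & F_TIME) && take(b, len, &off, 8, &m->time_raw)) return -1;
    if (opt_f(b, len, &off, m->avail & F_LON, &m->lon) || opt_f(b, len, &off, m->avail & F_LAT, &m->lat) ||
        opt_f(b, len, &off, m->avail & F_ALT, &m->alt) || opt_f(b, len, &off, m->avail & F_BEARING, &m->bearing) ||
        opt_f(b, len, &off, m->avail & F_SPEED, &m->speed)) return -1;
    if (m->avail & F_NSATS) { if (take(b, len, &off, 1, &v)) return -1; m->nsats = (uint8_t)v; }
    return (int)off;
}
/* Constructed sample: Status + Time + Longitude present (mask 0x07). */
const uint8_t sample_msg[14] = { 0x07, 0x00, 0,0,0,0,0x4B,0x58,0xC5,0x08, 0x3F,0xC0,0x00,0x00 };
```

A message whose Fields Available byte claims more fields than the capture actually holds makes parse_gps return -1 rather than read beyond the buffer.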

