Wireshark-dev: Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs

From: Leon Liu <leon.liu@xxxxxxxxxxxx>
Date: Wed, 14 Jul 2010 17:11:38 +0800
Hi,
 
Firstly, thanks to Sake for your useful tips; they work very well.
But another problem blocked my way to success. Let me explain it in more detail.
 
1. I chose the IE 'Revision Level Indicator' for the first attempt.
 
$ fgrep -Ril --include "*.[ch]" --exclude "*svn*" "Revision Level Indicator" *
epan/dissectors/packet-bssgp.c
epan/dissectors/packet-gsm_a_gm.c
 
2. I found that the source file 'epan/dissectors/packet-bssgp.c' takes charge of dissecting the protocol. It has nothing to do with the field name, so I don't need to dig into it.
 
3. So I dug into the file 'epan/dissectors/packet-gsm_a_gm.c' to find the way to add a field name for 'Revision Level Indicator'. Below is the code I added.
 
                a. declare the field name I want to add
                /*leon*/
                static int hf_gsm_a_gm_rel_lev_ind = -1;
                /*leon*/
               
                b. replace function 'proto_tree_add_text' with 'proto_tree_add_bits_item'-------> I'm not very clear about this part of the code; I just copied the code of another IE.
                /*leon*/
                /*
                * Revision Level Indicator
                */
                bits_needed = 4;
                GET_DATA;
 
                proto_tree_add_bits_item(tf_tree, hf_gsm_a_gm_rel_lev_ind, tvb, bit_offset, 4, FALSE);
                bit_offset+=4;
               
                curr_bits_length -= bits_needed;
                oct <<= bits_needed;
                bits_in_oct -= bits_needed;
                /*leon*/
 
                c. setup fieldname I want to add
                /*leon*/
       
                { &hf_gsm_a_gm_rel_lev_ind,
                { "Revision Level Indicator", "gsm_a.gm.rel_lev_ind",
                  FT_UINT24, BASE_HEX, NULL, 0x0,
                NULL, HFILL }
                },
                /*leon*/
 
4. Compile the modified source code and run Wireshark to see the result. The result is shown below. It can't be dissected correctly. I doubt part b in red above could cause the problem probably.
 
Could anyone check my fresh code and help me to solve my problem?
Thank you!
 
 
Best Regards
Leon