Wireshark-dev: Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs
From: Anders Broman <[email protected]>
Date: Wed, 14 Jul 2010 14:03:41 +0200
Leon Liu wrote 2010-07-14 11:11:
Firstly, thank you Sake for your useful tips; they work very well.
But another problem blocked my way to success. Let me explain it in more detail.
1. I choose IE 'Revision Level Indicator' for the first attempt.
$ fgrep -Ril --include "*.[ch]" --exclude "*svn*" "Revision Level Indicator" *
2. I found that source file 'epan/dissectors/packet-bssgp.c' is in charge of dissecting the protocol. It has nothing to do with the field name, so I don't need to dig into it.
3. So I dug into file 'epan/dissectors/packet-gsm_a_gm.c' to find the way to add a field name of 'Revision Level Indicator'. Below is the code I added.
                a. declare the field name I want to add
                static int hf_gsm_a_gm_rel_lev_ind = -1;
                b. replace function 'proto_tree_add_text' with 'proto_tree_add_bits_item' -------> I'm not very clear about this part of the code; I just copied the code of another IE.
                /* Revision Level Indicator */
                bits_needed = 4;
                proto_tree_add_bits_item(tf_tree, hf_gsm_a_gm_rel_lev_ind, tvb, bit_offset, 4, FALSE);
                curr_bits_length -= bits_needed;
                oct <<= bits_needed;
                bits_in_oct -= bits_needed;
                c. setup fieldname I want to add
                { &hf_gsm_a_gm_rel_lev_ind,
                { "Revision Level Indicator", "gsm_a.gm.rel_lev_ind",
                  FT_UINT24, BASE_HEX, NULL, 0x0,
                NULL, HFILL }
                },
4. Compile the modified source code and run Wireshark to see the result. The result is shown below. It can't be dissected correctly. I doubt part b in red above could cause the problem probably.
Could anyone check my fresh code and help me to solve my problem?
You got the length wrong; I committed a "fixed" patch in revision 33518.
Have a look at it to see how to proceed :-)
Thank you!
Best Regards
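
Added example, not part of the original thread and not Wireshark code: a stand-alone C model of reading a field by bit offset and bit count, most significant bit first, to show how the length argument discussed above changes both the decoded value and where the next field starts. The helpers get_bits and field_value, the start offset and the sample octets are hypothetical and constructed for illustration; the page does not state the correct length, so none is assumed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample octets (not from a capture): 1011 0100  0110 0000 */
static const uint8_t sample[] = { 0xB4, 0x60 };

/* Hypothetical helper: read no_of_bits (1..32) starting at bit_offset,
 * most significant bit first. Returns 0 on success, -1 if the request is
 * invalid or would run past the end of the buffer. */
static int get_bits(const uint8_t *buf, size_t len, size_t bit_offset,
                    unsigned no_of_bits, uint32_t *out)
{
    uint32_t v = 0;
    if (!buf || !out || no_of_bits == 0 || no_of_bits > 32)
        return -1;
    if (bit_offset > len * 8 || no_of_bits > len * 8 - bit_offset)
        return -1;
    for (unsigned i = 0; i < no_of_bits; i++) {
        size_t bit = bit_offset + i;
        v = (v << 1) | ((buf[bit / 8] >> (7 - bit % 8)) & 1u);
    }
    *out = v;
    return 0;
}

/* Value of the field, or -1 when the read is rejected. */
static long long field_value(const uint8_t *buf, size_t len,
                             size_t bit_offset, unsigned no_of_bits)
{
    uint32_t v;
    return get_bits(buf, len, bit_offset, no_of_bits, &v) == 0 ? (long long)v : -1;
}

int main(void)
{
    size_t off = 3;   /* assumed start of the field under test */
    /* Same offset, two candidate lengths: value and next offset both change. */
    for (unsigned n = 1; n <= 4; n += 3)
        printf("len=%u value=%lld next 3-bit field=%lld\n", n,
               field_value(sample, sizeof sample, off, n),
               field_value(sample, sizeof sample, off + n, 3));
    /* A length that overruns the buffer is rejected rather than read. */
    printf("overrun=%lld\n", field_value(sample, sizeof sample, 14, 4));
    return 0;
}
```

Because every later field is located by the running bit offset, one wrong length shifts everything decoded after it, and the bounds check keeps an oversized length from reading past the buffer.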