ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] removed functions fast way to find substitutes?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 21 Nov 2014 01:06:43 -0800
On Nov 21, 2014, at 12:48 AM, Semjon <semgo@xxxxxx> wrote:

> One of my current problems is with
> 
> tvb_get_faked_unicode(...)
> 
> which isn't available anymore.
> In my Protocol I have some Ascii-encoded String but which comes as two
> bytes per character. Example:
> {0x0031, 0x0032, 0x0033, 0x0034, 0x0000} in tvb should display in
> GUI/Tree/PacketList as "1234"

If that's truly ASCII-encoded, that would be a significant waste of bytes - you could just use one byte per character for ASCII; if the second byte is always zero, that byte serves no useful purpose.

So I'll assume it's a *superset* of ASCII, and that you mean either "UTF-16 encoded string" or "UCS-2 encoded string" rather than "ASCII-encoded string which comes as two bytes per character".

So:

> I used to call:
> 
> tvb_get_faked_unicode(NULL,tvb, 20, ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
> 
> and display result as %s in col_append_fstr() or as FT_STRING in
> proto_tree_add_string().
> 
> So could anyone give me a hint, is there a function still available for
> this type of encoding

	tvb_get_string_enc(tvb, {offset}, {length of string}, ENC_UTF_16|ENC_BIG_ENDIAN)

or

	tvb_get_string_enc(tvb, {offset}, {length of string}, ENC_UCS_2|ENC_BIG_ENDIAN)

depending on whether it's UTF-16 (with surrogate pairs to handle Unicode characters that don't fit in 16 bits) or UCS-2 (supporting only characters in the Unicode Basic Multilingual Plane, without surrogate pairs).

Note that tvb_get_string_enc() returns a UTF-8-encoded string; octet sequences that can't be mapped to UTF-8 strings will be replaced by the Unicode "replacement character".

> In general is there a fast/convenient way - other than manually looking
> through the sources after functions that might do what i want - to check
> if this function X is now replaced by function Y.

No.  You could check doc/README.developer, etc. to see if anything is mentioned.

> Other examples I need to replace are:
> abs_time_to_ep_str()

	abs_time_to_str({wmem scope}, ...)

The old "ephemeral" and "session" memory mechanisms are deprecated in favor of the new wmem mechanisms.  The scope that's equivalent to "ephemeral" scope is, I think, packet scope (right, Evan?), so you'd want

	abs_time_to_str(wmem_packet_scope(), ...)

> nstime_delta()

Its replacement is called nstime_delta() and has the exact same arguments. :-)

However, you need to include <wsutil/nstime.h> to get it declared.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube