Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] removed functions fast way to find substitutes?

From: Semjon <semgo@xxxxxx>
Date: Sat, 22 Nov 2014 02:11:17 +0100

Am 21.11.2014 um 23:24 schrieb Pascal Quantin:
> 
> 
> 2014-11-21 17:34 GMT+01:00 Semjon <semgo-S0/GAf8tV78@xxxxxxxxxxxxxxxx
> <mailto:semgo-S0/GAf8tV78@xxxxxxxxxxxxxxxx>>:
> 
> 
> 
>     Am 21.11.2014 um 15:42 schrieb Bill Meier:
>     > On 11/21/2014 9:29 AM, Pascal Quantin wrote:
>     >>
>     >>
>     >> 2014-11-21 14:06 GMT+01:00 Semjon
>     <semgo-S0/GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx
>     <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx>
>     >> <mailto:semgo-S0
>     <mailto:semgo-S0>/GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx
>     <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx>>>:
>     >>
>     >>
>     >>
>     >>
>     >>     Am 21.11.2014 um 10:06 schrieb Guy Harris:
>     >>      >
>     >>      > On Nov 21, 2014, at 12:48 AM, Semjon
>     >>     <semgo-S0/GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx
>     <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx>
>     >>   
>      <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx
>     <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx>>>
>     wrote:
>     >>      >
>     >>      >> One of my current problems is with
>     >>      >>
>     >>      >> tvb_get_faked_unicode(...)
>     >>      >>
>     >>      >> which isn't available anymore.
>     >>      >> In my Protocol I have some Ascii-encoded String but which
>     comes
>     >>     as two
>     >>      >> bytes per character. Example:
>     >>      >> {0x0031, 0x0032, 0x0033, 0x0034, 0x0000} in tvb should
>     display in
>     >>      >> GUI/Tree/PacketList as "1234"
>     >>      >
>     >>      > If that's truly ASCII-encoded, that would be a significant
>     waste
>     >>     of bytes - you could just use one byte per character for
>     ASCII; if
>     >>     the second byte is always zero, that byte serves no useful
>     purpose.
>     >>      >
>     >>      > So I'll assume it's a *superset* of ASCII, and that you mean
>     >>     either "UTF-16 encoded string" or "UCS-2 encoded string"
>     rather than
>     >>     "ASCII-encoded string which comes as two bytes per character".
>     >>      >
>     >>      > So:
>     >>      >
>     >>      >> I used to call:
>     >>      >>
>     >>      >> tvb_get_faked_unicode(NULL,tvb, 20,
>     >>     ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
>     >>      >>
>     >>      >> and display result as %s in col_append_fstr() or as
>     FT_STRING in
>     >>      >> proto_tree_add_string().
>     >>      >>
>     >>      >> So could anyone give me a hint, is there a function still
>     >>     available for
>     >>      >> this type of encoding
>     >>      >
>     >>      >       tvb_get_string_enc(tvb, {offset}, {length of string},
>     >>     ENC_UTF_16|ENC_BIG_ENDIAN)
>     >>      >
>     >>      > or
>     >>      >
>     >>      >       tvb_get_string_enc(tvb, {offset}, {length of string},
>     >>     ENC_UCS_2|ENC_BIG_ENDIAN)
>     >>      >
>     >>      > depending on whether it's UTF-16 (with surrogate pairs to
>     handle
>     >>     Unicode characters that don't fit in 16 bits) or UCS-2
>     (supporting
>     >>     only characters in the Unicode Basic Multilingual Plane, without
>     >>     surrogate pairs).
>     >>      >
>     >>      > Note that tvb_get_string_enc() returns a UTF-8-encoded string;
>     >>     octet sequences that can't be mapped to UTF-8 strings will be
>     >>     replaced by the Unicode "replacement character".
>     >>      >
>     >>      >> In general is there a fast/convenient way - other than
>     manually
>     >>     looking
>     >>      >> through the sources after functions that might do what i
>     want -
>     >>     to check
>     >>      >> if this function X is now replaced by function Y.
>     >>      >
>     >>      > No.  You could check doc/README.developer, etc. to see if
>     >>     anything is mentioned.
>     >>      >
>     >>      >> Other examples I need to replace are:
>     >>      >> abs_time_to_ep_str()
>     >>      >
>     >>      >       abs_time_to_str({wmem scope}, ...)
>     >>      >
>     >>      > The old "ephemeral" and "session" memory mechanisms are
>     >>     deprecated in favor of the new wmem mechanisms.  The scope that's
>     >>     equivalent to "ephemeral" scope is, I think, packet scope (right,
>     >>     Evan?), so you'd want
>     >>      >
>     >>      >       abs_time_to_str(wmem_packet_scope(), ...)
>     >>      >
>     >>      >> nstime_delta()
>     >>      >
>     >>      > Its replacement is called nstime_delta() and has the exact
>     same
>     >>     arguments. :-)
>     >>      >
>     >>      > However, you need to include <wsutil/nstime.h> to get it
>     declared.
>     >>      >
>     >>
>     >>     Well thanks a lot everybody for helping. I could resolve almost
>     >> all of
>     >>     my Problems with Your help. In fact the "ASCII encoded
>     >> 2-byte-string" is
>     >>     a Unicode String shame on me :-)
>     >>
>     >>     Unfortunately no luck with nstime_delta().
>     >>
>     >>     I already had included  <wsutil/nstime.h>
>     >>
>     >>     My call looks like this:
>     >>
>     >>              proto_item *it;
>     >>              nstime_t ns;
>     >>
>     >>              it=proto_tree_add_uint(xyz_tree, hf_xyz_response_to,
>     tvb,
>     >> 0, 0,
>     >>     xyz_trans->req_frame);
>     >>              PROTO_ITEM_SET_GENERATED(it);
>     >>
>     >>              nstime_delta(&ns, &pinfo->fd->abs_ts,
>     &xyz_trans->req_time);
>     >>              it=proto_tree_add_time(xyz_tree, hf_xyz_response_time,
>     >> tvb, 0,
>     >>     0, &ns);
>     >>              PROTO_ITEM_SET_GENERATED(it);
>     >>
>     >>     It always generates errors LNK2019/LNK1120 ... unresolved
>     external
>     >>     symbol "__imp__nstime_delta" in function ...
>     >>
>     >>     Hope You have an idea here. I'm not really good in finding the
>     >> necessary
>     >>     functions/files to include in such a big project and my
>     search on the
>     >>     www on this was not successful.
>     >>
>     >>
>     >> Hi,
>     >>
>     >> assuming that your proprietary dissector is a plugin, ensure that
>     your
>     >> makefile indicates the path to libwsutil. I guess you are on
>     Windows, so
>     >> your Makefile.nmake file should contain:
>     >>
>     >> !IFDEF ENABLE_LIBWIRESHARK
>     >> LINK_PLUGIN_WITH= ..\..\wsutil\libwsutil.lib
>     >> CFLAGS=$(CFLAGS)
>     >>
>     >>
>     >
>     >
>     > See plugins\ethercat for a dissector which uses nstime_delta()  [in
>     > packet-esl.c].
>     >
>     > Also: proto.h (#included by packet.h) #includes nstime.h so you
>     need not
>     > explicitly include same.
>     >
>     >
>     >
>     >
>     ___________________________________________________________________________
>     > Sent via:    Wireshark-dev mailing list
>     >
>     <wireshark-dev-IZ8446WsY0/dtAWm4Da02A-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx
>     <mailto:dtAWm4Da02A@xxxxxxxxxxxxxxxx>>
>     > Archives:    http://www.wireshark.org/lists/wireshark-dev
>     > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>     >
>     > mailto:wireshark-dev-request-IZ8446WsY0
>     <mailto:wireshark-dev-request-IZ8446WsY0>/dtAWm4Da02A-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx?subject=unsubscribe
>     <http://dtAWm4Da02A-XMD5yJDbdMToUJ55TTLPZA@xxxxxxxxxxxxxxxxxxxx?subject=unsubscribe>
>     >
>     >
> 
>     This is what I have in my Makefile.nmake, all automatic generated:
> 
>     CFLAGS=/WX /DHAVE_CONFIG_H /I../.. $(GLIB_CFLAGS) \
>             /I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS)
> 
>     !IFDEF ENABLE_LIBWIRESHARK
>     LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib
>     CFLAGS=/D_NEED_VAR_IMPORT_ $(CFLAGS)
> 
>     if I change it to what You suggested Pascal it throws loads of the
>     LNK2010/LNK1120 errors so I'd rather stick with one of these errors and
>     change it back :-)
> 
>     I'm running windows 7 pro 64 with MSVC2010EE and building the dissector
>     as a dll-plugin win32 variant which worked fine until some wireshark
>     source version.
>     Yesterday I started using Wireshark 1.99.1 which itself without the
>     plugin compiled without problems.
>     Unfortunately I can't remember when nstime_delta startet making problems
>     in my plugin as I didn't need it this bad so I just commented it out for
>     later.
>     I think it startet with the 1.11.x sources...
> 
>     You're right Bill even packet-tcp uses nstime_delta without including
>     nstime.h explicitly. I compared ethercat to my dissector. Only
>     difference I see is that Ethercat includes glib.h in packet-esl.c where
>     nstime_delta is called. I don't include glib.h but it doesn't make a
>     difference if I do I tried it.
> 
>     If there's some additional Info I could provide just tell me as I have
>     no clue where to look at the moment :-(
> 
> 
> Edit Makefile.nmake and replace:
> LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib
> by
> LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib ..\..\wsutil\libwsutil.lib
> 
> Pascal.
> 
> 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev-IZ8446WsY0/dtAWm4Da02A@xxxxxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request-IZ8446WsY0/dtAWm4Da02A@xxxxxxxxxxxxxxxx?subject=unsubscribe
> 

And this is the solution. Thank You very much!

Best Regards

Semgo