
Wireshark-dev: Re: [Wireshark-dev] Field type for 96 bit integer?

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Wed, 20 Jul 2016 11:21:22 +0200
Hi David,

2016-07-20 9:56 GMT+02:00 David Arnold <davida@xxxxxxxxx>:
I’m writing a dissector for a protocol that includes a 96 bit (12 byte) big-endian integer value.

I’d like to display it as a decimal number.  I’m happy to write a BASE_CUSTOM renderer for it, but how should it be described in the hf_register_info array?

In my dissect() function, I have

            proto_tree_add_item(ouch_asx_tree,
                                hf_ouch_asx_match_id,
                                tvb, offset, 12,
                                ENC_BIG_ENDIAN);
            offset += 12;

In the hf_register_info array, I’d have something like

        { &hf_ouch_asx_match_id,
          { "Match ID", "ouch_asx.match_id",
            FT_BYTES, BASE_CUSTOM, CF_FUNC(format_match_id), 0x0, NULL, HFILL }},

except that generates a runtime error:

        Err  Field 'Match ID' (ouch-asx.match_id) has a 'strings' value but is of type FT_BYTES (which is not allowed to have strings)

Quick hint, someone?

You cannot use BASE_CUSTOM for this use case, as explained in doc/README.dissector:

"BASE_CUSTOM allows one to specify a callback function pointer that will
format the value.

For 32-bit and smaller values, custom_fmt_func_t can be used to declare
the callback function pointer. Specifically, this is defined as:

    void func(gchar *, guint32);

For values larger than 32-bits, custom_fmt_func_64_t can be used to declare
the callback function pointer. Specifically, this is defined as:

    void func(gchar *, guint64);

The first argument is a pointer to a buffer of the ITEM_LABEL_LENGTH size
and the second argument is the value to be formatted.

Both custom_fmt_func_t and custom_fmt_func_64_t are defined in epan/proto.h."

So it can only work with FT_(U_)INTX types.

Instead you probably want to use proto_tree_add_bytes_format_value() that gives you full control over what is displayed in the tree.


Regards,
Pascal.
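
An added example, not part of the original thread or of Wireshark's code: one way to produce the decimal text for the 12-byte big-endian value so it can be handed to proto_tree_add_bytes_format_value(). The helper name u96_be_to_decimal and the buffer-size macro are hypothetical; the commented dissector call assumes the field is registered as FT_BYTES, BASE_NONE with a NULL strings member.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* 2^96 - 1 has 29 decimal digits; add one byte for the terminating NUL. */
#define U96_DEC_BUFLEN 30

/* Hypothetical helper (not a Wireshark API): format a 96-bit big-endian
 * unsigned integer as decimal. Returns out; out is set to "" when the
 * caller's buffer is too small, so a short buffer is never overrun. */
char *u96_be_to_decimal(const uint8_t be[12], char *out, size_t out_len)
{
    uint32_t limb[3];               /* most significant limb first */
    char tmp[U96_DEC_BUFLEN];
    size_t pos = sizeof(tmp);
    int i;

    if (out == NULL || out_len == 0) return out;
    if (be == NULL || out_len < U96_DEC_BUFLEN) { out[0] = '\0'; return out; }

    for (i = 0; i < 3; i++)
        limb[i] = ((uint32_t)be[4*i] << 24) | ((uint32_t)be[4*i+1] << 16) |
                  ((uint32_t)be[4*i+2] << 8) | (uint32_t)be[4*i+3];

    tmp[--pos] = '\0';
    do {
        /* Long division of the whole value by 10; remainder is the next digit. */
        uint64_t rem = 0;
        for (i = 0; i < 3; i++) {
            uint64_t cur = (rem << 32) | limb[i];
            limb[i] = (uint32_t)(cur / 10);
            rem = cur % 10;
        }
        tmp[--pos] = (char)('0' + rem);
    } while (limb[0] | limb[1] | limb[2]);

    memcpy(out, tmp + pos, sizeof(tmp) - pos);
    return out;
}

/* In the dissector, in place of proto_tree_add_item():
 *
 *   char label[U96_DEC_BUFLEN];
 *   const guint8 *raw = tvb_get_ptr(tvb, offset, 12);
 *   proto_tree_add_bytes_format_value(ouch_asx_tree, hf_ouch_asx_match_id,
 *       tvb, offset, 12, raw, "%s",
 *       u96_be_to_decimal(raw, label, sizeof(label)));
 *   offset += 12;
 */
```

The field still filters as raw bytes (ouch_asx.match_id == 00:00:...), since only the displayed label changes.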