Ask Your Question
0

NTP - show calculated fields in columns

asked 2020-01-21 15:33:46 +0000

Hi all,

I tried to create columns for NTP protocol fields (see screenshot), but currently output in columns and Packet details pane is different. Is it a way to display readable content (which I see in Packet details plane) in columns?

image description

Wireshark Version 3.2.0 (v3.2.0-0-ge0ed4cfa3d72), Win10x64

Thanks,

Vlad

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-01-21 16:07:41 +0000

Chuckc gravatar image

https://bugs.wireshark.org/bugzilla/s...
"the issue is that tvbparse API is used to parse through all of the parameters, so they don't have their own hf_ variables to do things like assign "human readable" values (and really makes filtering very difficult)"
Formatted for the tree. Populated as UINT32 for column.
https://code.wireshark.org/review/git...

1288         proto_tree_add_uint_format_value(ntp_tree, hf_ntp_rootdispersion, tvb, 8, 4,
1289                 rootdispersion, "%8.6f seconds", rootdispersion_double);


2660                 { &hf_ntp_rootdispersion, {
2661                         "Root Dispersion", "ntp.rootdispersion", FT_UINT32, BASE_DEC,
2662                         NULL, 0, "Total dispersion to the reference clock", HFILL }},
edit flag offensive delete link more

Comments

Ah, ok, thanks for pointing me to the report.

Packet_vlad gravatar imagePacket_vlad ( 2020-01-21 16:16:35 +0000 )edit

To amplify, the description of the root dispersion field:

/* Root Dispersion, 32-bit unsigned fixed-point number indicating
 * the nominal error relative to the primary reference source, in
 * seconds with fraction point between bits 15 and 16.
 */

which is read from the packet as big-endian long (32 bits):

rootdispersion = tvb_get_ntohl(tvb, 8);

which is then converted for display in the packet details to give the nice floating point value

rootdispersion_double = (rootdispersion >> 16) + (rootdispersion & 0xffff) / 65536.0;
proto_tree_add_uint_format_value(ntp_tree, hf_ntp_rootdispersion, tvb, 8, 4,
rootdispersion, "%8.6f seconds", rootdispersion_double);

but the field hf_ntp_rootdispersion is declared as an unsigned 32 bit integer:

{ &hf_ntp_rootdispersion, {
    "Root Dispersion", "ntp.rootdispersion", FT_UINT32, BASE_DEC,
    NULL, 0, "Total dispersion to the reference clock", HFILL }},

which is what's used for the column value in the packet list.

We need either an FT_XXXX type for the "32-bit unsigned fixed-point number with fraction point between bits 15 and 16", or we ...(more)

grahamb gravatar imagegrahamb ( 2020-01-21 18:10:37 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-01-21 15:33:46 +0000

Seen: 78 times

Last updated: Jan 21