Ask Your Question
0

Format column display

asked 2020-08-23 08:33:02 +0000

yaroni gravatar image

updated 2020-08-23 08:33:55 +0000

I have a dissector written in c

I have information in the packet that is 1 byte

{ &hf_EventType,{ "Event Type", "rtcp_stats.event_type", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }  }

But i display it as a string with the function proto_tree_add_uint_format_value

guint8 EventType = tvb_get_guint8(tvb,nOffset);
proto_tree_add_uint_format_value(rtcp_stats_tree, hf_EventType, tvb,
        nOffset, 1, EventType, "%s",
        (EventType==0 ? "Start":"Stop"))

I want the value in the column to appear as a string and not a number

And i also want the filter to be as a string. For example rtcp_stats.event_type=="Start" For now i can only do rtcp_stats.event_type==0

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2020-08-23 19:43:36 +0000

Guy Harris gravatar image

But i display it as a string with the function proto_tree_add_uint_format_value

Don't do that.

Instead, display it as a string and a number by doing

static const value_string event_type_vals[] = {
    { 0,       "Start" },
    { 1,       "Stop" },
    { 0, NULL },
};

...

{ &hf_EventType,
    { "Event Type", "rtcp_stats.event_type", FT_UINT8, BASE_DEC,
       VALS(event_type_vals), 0x0, NULL, HFILL }  }

and just add it to the protocol tree with

proto_tree_add_item(rtcp_stats_tree, hf_EventType, tvb,
    nOffset, 1, ENC_NA);

and let the Wireshark dissector core do the work of showing it as a string for you.

That will also allow doing

rtcp_stats.event_type=="Start"

in a packet-matching expression.

edit flag offensive delete link more
0

answered 2020-08-23 19:22:38 +0000

grahamb gravatar image

As you have declared the field as FT_UINT8 the field will be displayed and filtered as an unsigned integer.

To have the field displayed as a string, declare a field as a string (FT_STRING) and use proto_tree_add_string() setting the last parameter (value) to point to the appropriate strings in your code. Note that the item is then marked as generated to show that the string doesn't exist in the packet, but is generated from other values:

proto_item *pi = proto_tree_add_string(rtcp_stats_tree, hf_EventTypeString, tvb, nOffset, 1, EventType ? "Stop" : "Start");
proto_item_set_generated(pi);

...

{ &hf_EventTypeString, { "Event Type String", "rtcp_stats.event_type_string", FT_STRING, STR_ASCII, NULL, 0x0, NULL, HFILL }  }
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-08-23 08:33:02 +0000

Seen: 669 times

Last updated: Aug 23 '20