Is it possible to load an xml file to a custom plugin c dissector?

answered 2021-02-12 10:20:30 +0000

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

Several core dissectors do this, an example is diameter that loads diameter.xml. Look at function dictionary_load().

Note that reading the xml file should be done at dissector start-up, or when a preference is modified, not during dissection, that would kill performance.

edit flag offensive delete link

Comments

Thank you again grahamb! I will immediatly check the function. Yeah the idea was to load some significant values from the xml like the vendorid or the vendortext and compare them to the recieved values.

I hope its okay to ask a second question here. I have an 8 byte timestamp in my data which always starts with byte 3. I wrote a function to catch the timestamp and would like to add it to a tree with proto_item_add_time() this works if i set it directly in the function to a tree called timestamp but i would like to display the timestamp at another tree so i take the return value from the function and put it with proto_add_item() to the tree i want but wireshark won't display it but if i use g_print() i can see that the timestamp came back from my function. Is there a way ...(more)

Robin26689 ( 2021-02-12 10:29:23 +0000 )edit

In general, you can add any proto items as many times as you like, simply use a different tree pointer.

grahamb ( 2021-02-12 10:40:38 +0000 )edit

i have it like that:

static int iol_timestamp(tvbuff_t *tvb)
{
    nstime_t time;

    /* get timestamp */
    times.secs = tvb_get_guint64(tvb, 3, ENC_LITTLE_ENDIAN) / 1000000000ULL;
    times.nsecs = tvb_get_guint64(tvb, 3, ENC_LITTLE_ENDIAN) % 1000000000ULL;

    return time;
}

static int iol_master(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset)
{
    proto_item *iol_master_item = NULL;
    proto_tree *iol_master_tree = NULL;
    nstime_t time;

    /* add tree for actual iolink data (master command, check type) */ 

    iol_master_item = proto_tree_add_item(tree, proto_iolink, tvb, offset, 2, ENC_NA);
    proto_item_append_text(iol_master_item, " M-sequence [Master]");

    /* create a subtree */

    iol_master_tree = proto_item_add_subtree(iol_master_item, ett_iolink_frame);

    /* add bitmask for master command byte -> |r/w (7)| |communication channel (6,5)| |address (4-0)| */

    proto_tree_add_bitmask(iol_master_tree, tvb, offset, hf_iolink_mc, ett_iolink_frame, hf_iolink_mc_bits, ENC_LITTLE_ENDIAN);

    **time = iol_timestamp(tvb);
    proto_tree_add_time(iol_master_tree, hf_iolink_time, tvb, offset, 8, &time);**

    offset += 1; // increment offset (1byte)
...
return offset;
}

but like this no timestamp is displayed beneath the master command bitfield.

So you suggest just to create one more tree pointer, am i getting this right?

Robin26689 ( 2021-02-12 10:53:40 +0000 )edit

iol_timestamp() should return nstime_t, not an int. The rest looks OK.

grahamb ( 2021-02-12 11:36:38 +0000 )edit

yes sure nstime_t instead of int i already changed this in my code. thanks. I will try it again and see if it works.

Robin26689 ( 2021-02-12 11:39:51 +0000 )edit

see more comments

Is it possible to load an xml file to a custom plugin c dissector?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Is it possible to load an xml file to a custom plugin c dissector? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Is it possible to load an xml file to a custom plugin c dissector?