Hi, I am trying to extract the fields of a packet and display in a custom menu using C code. Is there a equivalent function which we use in "LUA" local fields = { all_field_infos() } and using a for loop to iterate all the finfo.
Please suggest if any sample file in the dissectors which does this.
Thanks Nandakumar
all_field_infos calls proto_all_finfos()
wslua_field.c:
WSLUA_FUNCTION wslua_all_field_infos(lua_State* L) {
/*
Obtain all fields from the current tree. Note this only gets whatever fields the underlying
dissectors have filled in for this packet at this time - there may be fields applicable to
the packet that simply aren't being filled in because at this time they're not needed for anything.
This function only gets what the C-side code has currently populated, not the full list.
*/
GPtrArray* found;
int items_found = 0;
guint i;
if (! lua_tree || ! lua_tree->tree ) {
WSLUA_ERROR(wslua_all_field_infos,"Cannot be called outside a listener or dissector");
return 0;
}
found = proto_all_finfos(lua_tree->tree);
There are several examples in packet-snort.c:
if (tree != NULL) {
GPtrArray *items = proto_all_finfos(tree);
if (items) {
guint i;
for (i=0; i< items->len; i++) {
field_info *field = (field_info *)g_ptr_array_index(items,i);
Thanks Chuck! I can extract the field_info *fi; fi->hfinfo->name; for each field, but the value for each filed name which is of different data type and not sure how to get the value. Please point to any sample code which extracts value with different data types or maybe a quick hint here is helpful!
From packet-snort.c:
value = fvalue_get_string(&field->value);
Can you use the fvalue_get_xxx() functions in ftypes.c?
Otherwise you will have to get the field type then process the value based on the type.
struct _header_field_info {enum ftenum type; /**< [FIELDTYPE] field type, one of FT_ (from ftypes.h) */
typedef struct field_info {fvalue_t value;
typedef struct _fvalue_t {
typedef struct _fvalue_t {
ftype_t *ftype;
union {
/* Put a few basic types in here */
guint32 uinteger;
gint32 sinteger;
guint64 uinteger64;
gint64 sinteger64;
gdouble floating;
wmem_strbuf_t *strbuf;
GByteArray *bytes;
ipv4_addr_and_mask ipv4;
ipv6_addr_and_prefix ipv6;
e_guid_t guid;
nstime_t time;
protocol_value_t protocol;
guint16 sfloat_ieee_11073;
guint32 float_ieee_11073;
} value;
} fvalue_t;
Asked: 2023-02-27 21:10:20 +0000
Seen: 552 times
Last updated: Feb 28 '23
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
