This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

String manipulation in dissector

0

Hi,

I would like to know how to extract a string from a packet, manipulate it and display it easily using the Wireshark API.

My string has a length of 10; I need to put a comma between the 6th and 7th characters and display it in the tree.

asked 03 Apr '11, 12:42

chronidev

edited 03 Apr '11, 12:42


One Answer:

1

There's probably a cleaner way to do this, but this is a quick-and-dirty way to accomplish adding these things to the tree as a single string.

proto_item_append_text(item, "%s,%s,%s",
    tvb_get_ephemeral_string(tvb, offset, 6),      /* before the commas */
    tvb_get_ephemeral_string(tvb, offset + 6, 1),  /* between the commas */
    tvb_get_ephemeral_string(tvb, offset + 7, 3)); /* after the commas to the end */

If you need to be able to filter on these strings, you'll need to do this differently, obviously, but for now, using tvb_get_ephemeral_string lets you ignore the strings after the call since the data will be copied into the tree, and the buffers will be automatically freed after dissecting the packet has finished. Since you know the length of the string, there's no need to use tvb_get_*_stringz, since those functions are dangerous (there's no guarantee the NULL was sent correctly with the rest of the packet).

These functions are documented in epan/proto.h (proto_item_append_text) and epan/tvbuff.h (tvb_*). If you need a different method of doing this, you should check those files for different functions that might satisfy your requirements.

answered 05 Apr '11, 07:12

multipleinte...

edited 05 Apr '11, 14:08

Guy Harris ♦♦
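The length-bounded approach from the answer, as an added stand-alone example that is not part of the original answer and does not call the Wireshark API: it models the captured packet as a plain byte array instead of a tvbuff, and inserts the single comma between the 6th and 7th characters that the question asks for. The names `format_field`, `FIELD_LEN` and `SPLIT_AT` and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 10 /* fixed field length from the question */
#define SPLIT_AT   6 /* comma goes between the 6th and 7th characters */

/*
 * Copy a fixed-length field out of captured packet bytes and insert one comma.
 * pkt/pkt_len are hypothetical stand-ins for a tvbuff and its captured length.
 * Returns 0 on success, -1 if the capture is too short or out is too small.
 * No NUL terminator is ever searched for in the packet data.
 */
int format_field(const uint8_t *pkt, size_t pkt_len, size_t offset,
                 char *out, size_t out_len)
{
    size_t i, o = 0;

    /* Bounds check written so that offset + FIELD_LEN cannot overflow. */
    if (offset > pkt_len || pkt_len - offset < FIELD_LEN)
        return -1;
    if (out_len < FIELD_LEN + 2) /* 10 characters + ',' + terminating NUL */
        return -1;

    for (i = 0; i < FIELD_LEN; i++) {
        uint8_t c = pkt[offset + i];
        if (i == SPLIT_AT)
            out[o++] = ',';
        /* Packet bytes are untrusted: render non-printables (NUL included) as '.' */
        out[o++] = (c >= 0x20 && c <= 0x7e) ? (char)c : '.';
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: 2 header bytes, then the 10-byte field, no NUL after it. */
    static const uint8_t pkt[] = { 0x01, 0x02,
        'A', 'B', 'C', 'D', 'E', 'F', '1', '2', '3', '4' };
    char buf[FIELD_LEN + 2];

    if (format_field(pkt, sizeof pkt, 2, buf, sizeof buf) == 0)
        printf("%s\n", buf);
    return 0;
}
```

In a real dissector the tvbuff accessors perform the length check themselves and throw an exception on a short packet, so the explicit bounds test here corresponds to what `tvb_get_ephemeral_string` does for a fixed length.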