Wireshark-dev: Re: [Wireshark-dev] How to add a string to the tree
From: "Anders Broman (AL/EAB)" <anders.broman@xxxxxxxxxxxx>
Date: Fri, 8 Sep 2006 13:05:53 +0200
Hi,
If a field in a protocol is a string the easiest way to add it to the protocol tree is:
 proto_tree_add_item(tree, hf_xx, tvb, offset, length, FALSE);
 
Example declaration of corresponding hf item:
{ &hf_gtp_apn,
    { "APN", "gtp.apn", FT_STRING, BASE_NONE,
     NULL, 0, "Access Point Name", HFILL }
},
 
I'm a bit curious as to what has been done to the GTP protocol. You can't just use a currently unused IE type and use it for private purposes
without breaking compatibility with other GTP stacks. The proper way to do it is to use the Private Extension and put your stuff there.
 

7.7.46 Private Extension

The Private Extension information element contains vendor specific information. The Extension Identifier is a value defined in the Private Enterprise number list in the most recent "Assigned Numbers" RFC (RFC 1700 or later).

This is an optional information element that may be included in any GTP Signalling message. A signalling message may include more than one information element of the Private Extension type.

Best regards

Anders
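
As an added example (not part of the original thread and not Wireshark code): a stand-alone C parser for the Private Extension layout that the quoted decode_gtp_priv_ext() below walks through, with one type byte, a two-byte length, a two-byte Extension Identifier and length-2 bytes of value. It shows the bounds checks needed before a packet-supplied string is copied out. The struct, the function name, the 64-byte value limit and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PRIV_EXT_TYPE 0xFF  /* Private Extension IE type (255) in TS 29.060 */

/* Hypothetical result type for this example; not a Wireshark structure. */
struct priv_ext {
    uint16_t ext_id;     /* Extension Identifier (Private Enterprise Number) */
    char     value[64];  /* extension value, copied and NUL-terminated */
    size_t   value_len;  /* number of value bytes actually present */
};

/* Parse one Private Extension IE starting at buf[offset].
 * Returns the bytes consumed (3 + length) or -1 if truncated or malformed. */
int parse_priv_ext(const uint8_t *buf, size_t buf_len, size_t offset,
                   struct priv_ext *out)
{
    if (offset > buf_len || buf_len - offset < 3)
        return -1;                       /* no room for type + length */
    if (buf[offset] != PRIV_EXT_TYPE)
        return -1;
    uint16_t length = (uint16_t)((buf[offset + 1] << 8) | buf[offset + 2]);
    if (length < 2)
        return -1;                       /* keeps length - 2 from wrapping */
    if (buf_len - offset - 3 < length)
        return -1;                       /* declared length exceeds the packet */
    out->ext_id = (uint16_t)((buf[offset + 3] << 8) | buf[offset + 4]);
    size_t vlen = (size_t)length - 2;
    if (vlen >= sizeof(out->value))
        return -1;                       /* refuse instead of truncating */
    memcpy(out->value, buf + offset + 5, vlen);
    out->value[vlen] = '\0';
    out->value_len = vlen;
    return 3 + (int)length;
}

/* Constructed sample: type 0xFF, length 7, identifier 0x1234, value "alice". */
static const uint8_t sample_ie[] = {0xFF, 0x00, 0x07, 0x12, 0x34, 'a', 'l', 'i', 'c', 'e'};

int main(void)
{
    struct priv_ext pe;
    int n = parse_priv_ext(sample_ie, sizeof sample_ie, 0, &pe);
    if (n > 0)
        printf("consumed=%d id=0x%04x value=%s\n", n, (unsigned)pe.ext_id, pe.value);
    return n > 0 ? 0 : 1;
}
```

Inside a real dissector the tvb accessors perform the buffer checks themselves; the length >= 2 test is still the dissector's job, as in the quoted code.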


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of prashanth joshi
Sent: 8 September 2006 12:49
To: Developer support list for Wireshark
Subject: [Wireshark-dev] How to add a string to the tree



Hi,
My query is:
How to add a string, i.e. a string which is part of the gtp packet, to the tree.
I feel proto_tree_add_string ( ) won't work because:
suppose packet contains an integer value, then val_to_str( ) operates on that value and then returns a string. Now proto_tree_add_string ( ) adds this string to the
tree.
However if we have a string itself in the gtp packet, then how will we add that string to the tree? For example, the incoming gtp packets are supposed to contain the names of the customers. Certainly the names will be dynamic and will be varying.
So we can not use proto_tree_add_string ( ).
So what may be the solution for this?
regards,
Prashanth   

ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
you MUST use a hf_ field as the second parameter.

you can NOT use NULL since
1, NULL is not an integer and is therefore the WRONG type for the
second parameter and would anyway give you a compiler error if you
tried.
2, there are plenty of examples on how to use hf_fields in the code.


please read the other similar dissectors and also the developers guide
that DOES explain many of these questions.
Look at other dissectors that do similar things.





On 9/7/06, prashanth joshi wrote:
> Hi Anders,
> thanks.
> But, as u know i've been trying to write a decoder function
> So it goes something like this:
> My_decoder_fun(..........)
> {
> proto_tree *my_tree;
> proto_item *te;
>
>
>
> te = proto_tree_add_text(tree, tvb, offset, 1,
> val_to_str(MY_EXT_VAL, gtp_val, "Unknown message"));
> my_tree = proto_item_add_subtree(te, my_tree);
>
> proto_tree_add_item(my_tree, hf_to_be_described, tvb,
> offset+1, 2, FALSE);
> .............. .....................................
> .....................
> .......................... ...................... .................
> ......
> regards,
> Prashanth
>
>
> }
> Now i found it difficult to build the definition for hf_to_be_described in
> the poto_reg_gtp function and in the array hf_register_info hf_gtp[].
> Hence what i want to know is that, is it possible to have a NULL value as
> the second argument instead of a hf_ ...........
> And if a hf_ is very much necessary then how to build it.........
>
> Anders Broman wrote:
> Hi,
> What you probably want to do is to change the current code to something
> like:
> static int
> decode_gtp_priv_ext(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
> proto_tree *tree) {
>
> guint16 length, ext_id;
> proto_tree *ext_tree_priv_ext;
> proto_item *te;
> tvbuff_t *new_tvb;
>
> te = proto_tree_add_text(tree, tvb, offset, 1,
> val_to_str(GTP_EXT_PRIV_EXT, gtp_val, "Unknown message"));
> ext_tree_priv_ext = proto_item_add_subtree(te, ett_gtp_ext);
>
> offset++;
> length = tvb_get_ntohs(tvb, offset);
> proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_length, tvb,
> offset, 2, FALSE);
> offset = offset+2;
> if (length >= 2) {
> ext_id = tvb_get_ntohs(tvb, offset);
> proto_tree_add_uint(ext_tree_priv_ext, hf_gtp_ext_id, tvb,
> offset, 2, ext_id);
> offset = offset+2;
>
> /*
> * XXX - is this always a text string? Or should it be
> * displayed as hex data?
> */
> if (length > 2)
> proto_tree_add_item(ext_tree_priv_ext,
> hf_gtp_ext_val, tvb, offset, length-2, FALSE);
> switch (ext_id){
> case MY_MANUFACTURER_ID:
> new_tvb = tvb_new_subset(tvb, offset, length-2,
> length-2);
> dissect_private_ext_manufacturer_id(new_tvb, pinfo,
> ext_tree_priv_ext);
> break;
> default:
> break;
> }
> }
>
> return 3+length;
> }
>
> Brg
> Anders
> -----Original message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of prashanth joshi
> Sent: 6 September 2006 22:52
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] query regarding gtp_handle function and
> decoder function.
>
> Hi Anders,
> how r u...
> I have a query Anders.
> If we consider for example the following statement,
> proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_val, tvb, offset+5,
> length-2, FALSE);
>
> So length-2 bytes of data are added to the tree, starting from the location
> number offset + 5 of tvb.
> My query is : is it absolutely necessary to have hf_gtp_ext_
> as the second argument when ever we want to add an item?
> Can not we do away with it by having a NULL as second argument instead? ( I
> found it difficult to understand how the contents of the proto_register_gtp
> array are built)
> And what would be the limitations if we try to add an item using the
> proto_tree_add_text( ) instead ?
> regards,
> Prashanth
>
> "Anders Broman (AL/EAB)" wrote:
> Hi,
> The function val_to_str(GTP_EXT_RAI, gtp_val, "Unknown message")
> searches the value_string gtp_val for a match to GTP_EXT_RAI and if found
> returns the matching string, in this case
> "Routing Area Identity"; if no match is found it will print "Unknown
> message".
>
> Best regards
> Anders
>
>
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of prashanth joshi
> Sent: 6 September 2006 09:25
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] query regarding gtp_handle function and
> decoder function.
> Hi Anders, thanks.
> Now the things are much clearer. Now i understand why the return value from
> the decoder function is 3 + length.
> But yeah in val_to_str(GTP_EXT_XXX, gtp_val, "UNKNOWN") , is the string
> "UNKNOWN" concatenated with GTP_EXT_XXX and returned ?
> regards,
> Prashanth.
>
> "Anders Broman (AL/EAB)" wrote:
> Hi,
> Are you trying to add something that's defined in 3GPP TS 29.060 or to do
> something for a nonstandard extension to the protocol?
> ( 0x7F is also already used (define GTP_EXT_CHRG_ID 0x7F)).
>
> The code:
> while (gtpopt[++i].optcode)
> if (gtpopt[i].optcode == ext_hdr_val)
> break;
> offset = offset + (*gtpopt[i].decode)(tvb, offset, pinfo, gtp_tree);
>
> Will call the function pointed out by the Extension type (GTP_EXT_XXX) with
> a tvb containing the GTP message and the offset parameter pointing to the
> Extension type
> (octet 1 in the IE descriptions of TS 29.060)
> In the function you'll have to increase offset to point to the byte you want
> to "access".
> Best regards
> Anders
>
>
>
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of prashanth joshi
> Sent: 5 September 2006 17:35
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] query regarding gtp_handle function and
> decoder function.
> Hi Anders,
> Thanks for the reply.
> But I'm afraid i did not put the whole thing very clearly.
> I should have been more specific.
> Actually i need to have in the define statement the following :
> #define GTP_EXT_XXX 0x7f /* Statement 1 */
>
> and then the ( extension field , function pointer) pair :
> ( GTP_EXT_XXX My_decode_fun) /* Statement 2 */
>
> And then
> I need to check whether the value of the next byte is 0x30 , in the
> My_decode_fun(...),
> and then call decode_XXX(...) function. /* Statement 3 */
>
> Now in decode_XXX(...) function shall i include the same code that u have
> specified in your reply or that needs to be modified?
> Also after Statement 2 , will the pointer tvb automatically incremented by
> 1 or i have to explicitly increment it? This i need to know because i need
> to compare the value 0x30 with the content of the next byte of tvb ( as
> given in Statement 2 )
>
>
> regards,
> Prashanth
>
>
>
> "Anders Broman (AL/EAB)" wrote:
> Hi,
> Are you adding decoding of:
> #define GTP_EXT_OMC_ID 0x8F /* 3G 143 TLV OMC Identity 7.7.42 */
>
> If so what you need to do is to add code in
> Line 4487
> static int
> decode_gtp_omc_id(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
> proto_tree *tree) {
>
> guint16 length;
>
> length = tvb_get_ntohs(tvb, offset + 1);
>
> proto_tree_add_text(tree, tvb, offset, 3+length, "%s length : %u",
> val_to_str(GTP_EXT_OMC_ID, gtp_val, "Unknown"), length);
>
> return 3 + length;
>
> }
>
> To do the actual decoding.
> Best regards
> Anders
>
>
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of prashanth joshi
> Sent: 5 September 2006 12:06
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: [Wireshark-dev] query regarding gtp_handle function and
> decoder function.
> Hi all,
> I'm adding a decoder for the gtp protocol. My query is :
> 1 ) So gtp_handle will do the dissection. It refers to the file packet_gtp.c
> .
> Finds the hex value for example in the following statement :
> #define GTP_EXT_XXX 0x8f
> and then if its value in the header matches 0x8f, refers to the (val,
> decode_fun) pair and then calls decode_fun to handle the decoding.
> Now my question is : will the pointer tvb ( which is tvb_buff * tvb) be
> incremented automatically when it enters the function decode_fun ? Or we
> have to explicitly increment the pointer tvb in the decoder function to
> account for the byte containing 0x8f value in the tvb?
>
>
> My other questions are :
> 2) I'm trying to locate the file containing the definition for the function
> gtp_handle. But I'm not able to find it. Kindly can one please tell me where
> its definition is?
>
> 3) Before actually starting the decoding in our decode function what is the
> code that we have to write and what that is for?
>
> regards,
> Prashanth
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev