Wireshark-dev: Re: [Wireshark-dev] new plug-in dissector - no packets, displayed when dissector
From: Stuart Marsden <stuart@xxxxxxxxxxxx>
Date: Fri, 01 May 2009 17:10:56 +0100
Hi level dissect code with display filter sslbp -I get just my packetswith display filter sslbp.type==0 or 1 - I get no displayed packets at all , but my printfs come out
thanks
Stuart
dissect_sslbp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
proto_tree *sslbp_tree;
proto_item *ti;
proto_tree *header_tree;
proto_item *header_item;
guint16 magic;
guint8 protocol_ver;
int start_offset;
int msglen;
unsigned int frmtyp;
// add stuff to columns in main window
if (check_col(pinfo->cinfo, COL_PROTOCOL))
// set the protcol column
col_set_str(pinfo->cinfo, COL_PROTOCOL, "sslbp");
if (check_col(pinfo->cinfo, COL_INFO))
// clear the info column
col_clear(pinfo->cinfo, COL_INFO);
// basic data
magic = tvb_get_ntohs(tvb, offset + 0);
protocol_ver = tvb_get_guint8(tvb, offset + 2);
frmtyp = tvb_get_guint8(tvb, offset + 3);
msglen = tvb_reported_length_remaining(tvb, offset);
hf_sslbp_type = frmtyp;
printf("disect_sslbp: magic [%x] ver [%x] typ [%x]
length[%d]\n",magic,protocol_ver,frmtyp,msgle
n);
if (magic != MAGIC) {
if (check_col(pinfo->cinfo, COL_INFO))
col_set_str(pinfo->cinfo, COL_INFO, "- bad magic value-");
return;
}
if (check_col(pinfo->cinfo, COL_INFO)) {
/*
* Indicate what kind of message this is.
*/
if ((frmtyp != MYFT_ANNOUNCE) && (frmtyp != MYFT_STATUS))
col_set_str(pinfo->cinfo, COL_INFO, "- Invalid -");
else
col_set_str(pinfo->cinfo,
COL_INFO,val_to_str(frmtyp,frame_type,"Unknown (0x%02x)"))
;
col_append_fstr(pinfo->cinfo, COL_INFO," len=%u", msglen );
}
if (tree == NULL) {
printf("disect_sslbp: No tree");
return;
}
ti = proto_tree_add_item(tree, proto_sslbp, tvb, 0, -1, FALSE);
sslbp_tree = proto_item_add_subtree(ti, ett_sslbp);
proto_item_append_text(sslbp_tree," length: %u bytes", msglen );
if ((frmtyp != MYFT_ANNOUNCE) && (frmtyp != MYFT_STATUS)) {
/*
* Unknown message type.
*/
proto_tree_add_text(sslbp_tree, tvb, offset, msglen, "Data");
printf("disect_sslbp: unknown frame type");
return;
}
// header
header_item = proto_tree_add_text(sslbp_tree, tvb, offset,
MSG_HDR_SZ, "Header");
header_tree = proto_item_add_subtree(header_item, ett_sslbp_header);
proto_tree_add_text(header_tree, tvb, offset, 2,
"Magic: %x", magic);
proto_tree_add_text(header_tree, tvb, offset+2, 1,
"Protocol Version: %x", protocol_ver);
proto_tree_add_text(header_tree, tvb, offset+3, 1,
"Frame type: %s", val_to_str(frmtyp,frame_type,"Unknown (0x%02x)"));
proto_item_append_text(header_tree,"Frame type: %s",
val_to_str(frmtyp,frame_type,"Unknown (0x%0
2x)"));
// announce and status frames
start_offset = offset;
offset += MSG_HDR_SZ;
switch (frmtyp) {
case MYFT_ANNOUNCE:
offset = decode_announce(tvb, offset,pinfo, sslbp_tree);
break;
case MYFT_STATUS:
offset = decode_status(tvb, offset, pinfo,sslbp_tree);
break;
default:
break;
}
return;
}
> Hi,> > I am new to WS development, I now have a plugin which works well. > > however if I select "sslbp.frametype" in the display filter , I can > select "Status" in the predefined values > > however: > > my printfs appear on the console, for both frametypes but no packets are > displayed > > I know I must be doing something stupid, but I cant get this to work
Can you show the code where you're adding the frame type to the tree (the proto_tree_add_*([...] hf_sslbp_type [...]) call)?
- Follow-Ups:
- Prev by Date: [Wireshark-dev] Issues with creation of new thread
- Next by Date: Re: [Wireshark-dev] Issues with creation of new thread
- Previous by thread: Re: [Wireshark-dev] Issues with creation of new thread
- Next by thread: Re: [Wireshark-dev] new plug-in dissector - no packets, displayed when dissector specific filter applied
- Index(es):