Wireshark-dev: Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs
From: Leon Liu <leon.liu@xxxxxxxxxxxx>
Date: Wed, 14 Jul 2010 15:59:09 +0800
Yeah, now I need to do statistics about MS capability, but I found that it is difficult to extract the field of MS capability, so I need to develop it myself.
I have never tried to develop the source code before, so it's a headache for me!

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Wednesday, July 14, 2010 3:32 PM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] <Help> How to add fieldname for certain IEs

Sake Blok wrote 2010-07-14 08:42:
> On 14 jul 2010, at 04:59, Leon Liu wrote:
>
>    
>> Now what I want to do is extract certain IEs (which involve MS capability) from pcap files via tshark.
>> In my plan, I can achieve it using the command 'tshark -r filename.dump -R filter(filter out 'attach request') -T fields -e fieldname'.
>> But when I check the fieldname of IEs which I want to extract, I found that the fieldname is null.
>>
>> So my question is how to add fieldname in source code?
>> The picture below shows the stacks of protocols and the IEs within the red ellipse are what I want.
>>
>> Could someone help me to locate which source file I need to modify? And give me a simple example of how to achieve a new field name?
>>      
> The reason is that the dissectors that generate the protocol tree for these protocols use "proto_tree_add_text(...)" for the values you would like to extract. This function is easy to implement, because it does not need all the work of setting up fieldnames. Please read the file README.developer in the source tree to get an idea on how to add fields in Wireshark. It also gives a broader perspective on development for Wireshark. Of course the Developers Guide on the Wireshark website is a good starting point on getting a build environment up and running.
>
> Then, which files to edit, you can search the source repository for the specific items you are after. I use a little alias for that:
>
> alias srcfgrep='fgrep -Ril --include "*.[ch]" --exclude "*svn*" '
>
> which can be used like this:
>
> sake@macsake:~/Wireshark/trunk$ srcfgrep "EGPRS multislot class" * 
> epan/dissectors/packet-bssgp.c
> epan/dissectors/packet-gsm_a_gm.c
> sake@macsake:~/Wireshark/trunk$
>
> So these two files contain the code that adds the "EGPRS multislot class" items.
>
>    
Probably the dissection of "MS Radio Access Capability" should be handled in packet-gsm_a_gm.c and packet-bssgp.c made to call that code.
> I hope this gets you on your way :-)
> Cheers,
>
>
> Sake
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list<wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>               
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>    
