Wireshark mailing list archives
Re: dissection question
From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Tue, 16 Feb 2010 15:22:24 -0500
Guy / Jaap Yes....thanks for the extra set of eyes. The size of the router name is a 2 byte field. I was only treating it as one byte. That made a big difference. :-) The interface count is the same as the router count. When I highlight interface count...it does give me 04 (which is what I would expect because I know what is in this packet)... but it displays a 0 in the tree. But it does indeed display the correct interface name. And the interface activity is displaying a 01 in the hex dump...but False is displayed. Any thoughts..?? Thanks again for the help..!! Brian *Updated code snippet* //Router Ext: if (code == 1001) { guint8 routercount; guint8 interfacecount; guint16 sizeofinterfacename; guint16 sizeofroutername; guint i; guint k; //router count routercount = tvb_get_guint8(tvb, offset); proto_tree_add_item(helen_sub_tree, hf_helen_routerCount, tvb, offset, 1, FALSE); offset += 1; //Router Data for (i = 0; i < routercount; i++) { nstime_t t; guint64 msecs_since_the_epoch; struct tm *tmp; //Size of router name sizeofroutername = tvb_get_ntohs(tvb, offset); proto_tree_add_item(helen_sub_tree, hf_helen_sizeofRouterName, tvb, offset, 2, FALSE); offset += 2; //Router Name proto_tree_add_item(helen_sub_tree, hf_helen_routername, tvb, offset, sizeofroutername, FALSE); offset += sizeofroutername; //status proto_tree_add_uint(helen_sub_tree, hf_helen_routerstatus, tvb, offset, 1, FALSE); offset += 1; //update time msecs_since_the_epoch = tvb_get_ntoh64(tvb, offset); t.secs = msecs_since_the_epoch / 1000; t.nsecs = (msecs_since_the_epoch % 1000)*1000000; /* milliseconds to nanoseconds */ tmp = gmtime(&t.secs); proto_tree_add_time(helen_sub_tree, hf_helen_time, tvb, offset, 8, &t); offset += 8; //cpu % used proto_tree_add_uint(helen_sub_tree, hf_helen_cpuusage, tvb, offset, 1, FALSE); offset += 1; *//interface count* interfacecount = tvb_get_guint8(tvb, offset); proto_tree_add_uint(helen_sub_tree, hf_helen_interface_count, tvb, offset, 1, FALSE); offset += 1; //Interface Data for (k = 0; k < interfacecount; k++) { //Size of interface name sizeofinterfacename = tvb_get_ntohs(tvb, offset); proto_tree_add_item(helen_sub_tree, hf_helen_sizeofInterfaceName, tvb, offset, 2, FALSE); offset += 2; //Interface Name proto_tree_add_item(helen_sub_tree, hf_helen_interfacename, tvb, offset, sizeofinterfacename, FALSE); offset += sizeofinterfacename; //incoming bytes proto_tree_add_item(helen_sub_tree, hf_helen_incomingBytes, tvb, offset, 4, FALSE); offset += 4; //outgoing bytes proto_tree_add_item(helen_sub_tree, hf_helen_outgoingBytes, tvb, offset, 4, FALSE); offset += 4; *//interface active* proto_tree_add_uint(helen_sub_tree, hf_helen_interfaceActivity, tvb, offset, 1, FALSE); offset += 1; } } } static hf_register_info hf[] = { { &hf_helen_routerCount, { "Router Count", "helen.routerCount", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL}}, { &hf_helen_routerstatus, { "Router Status", "helen.routerStatus", FT_UINT8, BASE_DEC, VALS(helen_router_status), 0x0, NULL, HFILL}}, { &*hf_helen_interfaceActivity*, { "Interface Activity", "helen.interfaceActivity", FT_UINT8, BASE_DEC, VALS(helen_router_interfaceActivity), 0x0, NULL, HFILL}}, { &hf_helen_cpuusage, { "CPU usage", "helen.cpuUages", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL}}, { &*hf_helen_interface_count,* { "Interface count", "helen.interfaceCount", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL}}, { &hf_helen_sizeofRouterName, { "Size of router name", "helen.sizeofRouterName", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}}, { &hf_helen_sizeofInterfaceName, { "Size of Interface Name", "helen.sizeofInterfaceName", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}}, { &hf_helen_time, { "Time", "helen.time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL}}, { &hf_helen_routername, { "Router Name", "helen.routername", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL}}, { &hf_helen_interfacename, { "Interface Name", "helen.interfaceName", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL}}, { &hf_helen_incomingBytes, { "Incoming Bytes", "helen.incomingBytes", FT_FLOAT, BASE_DEC, NULL, 0x0, NULL, HFILL}}, { &hf_helen_outgoingBytes, { "Outgoing Bytes", "helen.outgoingBytes", FT_FLOAT, BASE_DEC, NULL, 0x0, NULL, HFILL}}, }; static const value_string helen_router_status[] = { { 0, "Good"}, { 1, "Stale / Not Read"}, { 0, NULL} }; static const value_string *helen_router_**interfaceActivity[]* = { { 0, "False"}, { 1, "True"}, { 0, NULL} }; Guy Harris wrote:
On Feb 16, 2010, at 11:18 AM, Brian Oleksa wrote:guint8 sizeofroutername;That should presumably be guint16 sizeofroutername; as, according to https://www.darkcornersoftware.com/confluence/display/open/Minotaur+SA+ROUTER+Plugin+Extension it's a 2-byte field, and...//Size of router name sizeofroutername = tvb_get_guint8(tvb, offset);...that should presumably be tvb_get_ntohs() for the same reason. If you fix that, then I suspect that//Router Name proto_tree_add_item(helen_sub_tree, hf_helen_routername, tvb, offset, sizeofroutername, FALSE); offset += sizeofroutername;will work. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- dissection question Brian Oleksa (Feb 16)
- Re: dissection question Guy Harris (Feb 16)
- Re: dissection question Brian Oleksa (Feb 16)
- Re: dissection question Guy Harris (Feb 16)
- Re: dissection question Brian Oleksa (Feb 16)
- Re: dissection question Jaap Keuter (Feb 16)
- Re: dissection question Guy Harris (Feb 16)