Wireshark mailing list archives

Re: dissection question


From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Tue, 16 Feb 2010 15:22:24 -0500

Guy / Jaap

Yes....thanks for the extra set of eyes. The size of the router name is 
a 2 byte field. I was only treating it as one byte.

That made a big difference. :-)

The interface count is the same as the router count. When I highlight 
interface count...it does give me 04 (which is what I would expect 
because I know what is in this packet)... but it displays a 0 in the tree.

But it does indeed display the correct interface name.

And the interface activity is displaying a 01 in the hex dump...but 
False is displayed.

Any thoughts..??

Thanks again for the help..!!

Brian

*Updated code snippet*
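//Router Ext:
                /*
                 * Router extension (code 1001): a one-byte router count followed by
                 * that many router records.  Each record carries a 2-byte name length,
                 * the name, a status byte, an 8-byte update time in milliseconds,
                 * a CPU-usage byte, a one-byte interface count and then that many
                 * interface records.
                 *
                 * Every count and length below is read from the packet and used
                 * without further validation.  The tvb_get_*() / proto_tree_add_*()
                 * calls bounds-check against the captured data and raise a dissector
                 * exception on overrun, so a truncated or malformed record ends
                 * dissection of this packet instead of reading outside the buffer.
                 * NOTE(review): offset is declared outside this snippet; confirm its
                 * type can hold repeated 16-bit length additions.
                 */
                if (code == 1001) {
                    guint8 routercount;
                    guint8 interfacecount;
                    guint16 sizeofinterfacename;
                    guint16 sizeofroutername;
                    guint i;
                    guint k;

                    //router count (one byte, so the outer loop runs at most 255 times)
                    routercount = tvb_get_guint8(tvb, offset);
                    proto_tree_add_item(helen_sub_tree, hf_helen_routerCount, tvb, offset, 1, FALSE);
                    offset += 1;

                    //Router Data
                    for (i = 0; i < routercount; i++) {
                        nstime_t t;
                        guint64 msecs_since_the_epoch;

                        //Size of router name (2-byte, network byte order)
                        sizeofroutername = tvb_get_ntohs(tvb, offset);
                        proto_tree_add_item(helen_sub_tree, hf_helen_sizeofRouterName, tvb, offset, 2, FALSE);
                        offset += 2;

                        //Router Name (length comes straight from the packet)
                        proto_tree_add_item(helen_sub_tree, hf_helen_routername, tvb, offset, sizeofroutername, FALSE);
                        offset += sizeofroutername;

                        //status
                        // proto_tree_add_uint() takes the VALUE to display as its last
                        // argument; passing FALSE there always showed 0.  Use
                        // proto_tree_add_item() so the byte is read from the packet.
                        proto_tree_add_item(helen_sub_tree, hf_helen_routerstatus, tvb, offset, 1, FALSE);
                        offset += 1;

                        //update time: milliseconds since the epoch -> seconds + nanoseconds
                        msecs_since_the_epoch = tvb_get_ntoh64(tvb, offset);
                        t.secs = (time_t)(msecs_since_the_epoch / 1000);
                        t.nsecs = (int)((msecs_since_the_epoch % 1000) * 1000000); /* milliseconds to nanoseconds */
                        proto_tree_add_time(helen_sub_tree, hf_helen_time, tvb, offset, 8, &t);
                        offset += 8;

                        //cpu % used (read from the packet, not a literal 0)
                        proto_tree_add_item(helen_sub_tree, hf_helen_cpuusage, tvb, offset, 1, FALSE);
                        offset += 1;

                        //interface count (one byte, so the inner loop runs at most 255 times)
                        interfacecount = tvb_get_guint8(tvb, offset);
                        proto_tree_add_item(helen_sub_tree, hf_helen_interface_count, tvb, offset, 1, FALSE);
                        offset += 1;

                        //Interface Data
                        for (k = 0; k < interfacecount; k++) {

                            //Size of interface name (2-byte, network byte order)
                            sizeofinterfacename = tvb_get_ntohs(tvb, offset);
                            proto_tree_add_item(helen_sub_tree, hf_helen_sizeofInterfaceName, tvb, offset, 2, FALSE);
                            offset += 2;

                            //Interface Name (length comes straight from the packet)
                            proto_tree_add_item(helen_sub_tree, hf_helen_interfacename, tvb, offset, sizeofinterfacename, FALSE);
                            offset += sizeofinterfacename;

                            //incoming bytes
                            proto_tree_add_item(helen_sub_tree, hf_helen_incomingBytes, tvb, offset, 4, FALSE);
                            offset += 4;

                            //outgoing bytes
                            proto_tree_add_item(helen_sub_tree, hf_helen_outgoingBytes, tvb, offset, 4, FALSE);
                            offset += 4;

                            //interface active (read from the packet so 01 maps to "True")
                            proto_tree_add_item(helen_sub_tree, hf_helen_interfaceActivity, tvb, offset, 1, FALSE);
                            offset += 1;

                        }

                    }

                }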



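/*
 * Field registrations for the router extension.  Each entry ties an hf_helen_*
 * handle to its display name, filter name, field type and display base; the
 * two VALS() entries map a one-byte value to text through a value_string table.
 *
 * The mail-formatting asterisks that had crept into two of the handle names
 * are removed so the initializer compiles.
 *
 * NOTE(review): "helen.cpuUages" looks like a typo for "helen.cpuUsage"; it is
 * left as posted because it is the user-visible filter name.
 * NOTE(review): Incoming/Outgoing Bytes are registered as FT_FLOAT with
 * BASE_DEC; confirm against the protocol description that these 4-byte fields
 * really are floats and that the display base suits the Wireshark version.
 */
static hf_register_info hf[] = {
        { &hf_helen_routerCount,
            { "Router Count", "helen.routerCount", FT_UINT8, BASE_DEC, NULL, 0x0,
                NULL, HFILL}},
        { &hf_helen_routerstatus,
            { "Router Status", "helen.routerStatus", FT_UINT8, BASE_DEC, VALS(helen_router_status), 0x0,
                NULL, HFILL}},
        { &hf_helen_interfaceActivity,
            { "Interface Activity", "helen.interfaceActivity", FT_UINT8, BASE_DEC, VALS(helen_router_interfaceActivity), 0x0,
                NULL, HFILL}},
        { &hf_helen_cpuusage,
            { "CPU usage", "helen.cpuUages", FT_UINT8, BASE_DEC, NULL, 0x0,
                NULL, HFILL}},
        { &hf_helen_interface_count,
            { "Interface count", "helen.interfaceCount", FT_UINT8, BASE_DEC, NULL, 0x0,
                NULL, HFILL}},
        { &hf_helen_sizeofRouterName,
            { "Size of router name", "helen.sizeofRouterName", FT_UINT16, BASE_DEC, NULL, 0x0,
                NULL, HFILL}},
        { &hf_helen_sizeofInterfaceName,
            { "Size of Interface Name", "helen.sizeofInterfaceName", FT_UINT16, BASE_DEC, NULL, 0x0,
                NULL, HFILL}},
        { &hf_helen_time,
            { "Time", "helen.time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
                NULL, HFILL}},
        { &hf_helen_routername,
            { "Router Name", "helen.routername", FT_STRING, BASE_NONE, NULL, 0x0,
                NULL, HFILL}},
        { &hf_helen_interfacename,
            { "Interface Name", "helen.interfaceName", FT_STRING, BASE_NONE, NULL, 0x0,
                NULL, HFILL}},
        { &hf_helen_incomingBytes,
            { "Incoming Bytes", "helen.incomingBytes", FT_FLOAT, BASE_DEC, NULL, 0x0,
                NULL, HFILL}},
        { &hf_helen_outgoingBytes,
            { "Outgoing Bytes", "helen.outgoingBytes", FT_FLOAT, BASE_DEC, NULL, 0x0,
                NULL, HFILL}},
    };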



/*
 * Display text for the one-byte Router Status field; referenced through
 * VALS() in the hf_helen_routerstatus registration.  Values not listed here
 * have no text mapping.  The final { 0, NULL } entry ends the table.
 */
static const value_string helen_router_status[] = {
    { 0, "Good"},
    { 1, "Stale / Not Read"},
    { 0, NULL}
};

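/*
 * Display text for the one-byte Interface Activity field; referenced through
 * VALS() in the hf_helen_interfaceActivity registration.  The stray asterisks
 * in the posted declaration were mail bold markers, not pointer declarators:
 * this is an array of value_string, like helen_router_status.  The final
 * { 0, NULL } entry ends the table.
 */
static const value_string helen_router_interfaceActivity[] = {
    { 0, "False"},
    { 1, "True"},
    { 0, NULL}
};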







Guy Harris wrote:
On Feb 16, 2010, at 11:18 AM, Brian Oleksa wrote:

  
                   guint8 sizeofroutername;
    

That should presumably be

                   guint16 sizeofroutername;

as, according to

      https://www.darkcornersoftware.com/confluence/display/open/Minotaur+SA+ROUTER+Plugin+Extension

it's a 2-byte field, and...

  
                       //Size of router name
                       sizeofroutername = tvb_get_guint8(tvb, offset);
    

...that should presumably be tvb_get_ntohs() for the same reason.

If you fix that, then I suspect that

  
                       //Router Name
                       proto_tree_add_item(helen_sub_tree, hf_helen_routername, tvb, offset, sizeofroutername, 
FALSE);
                       offset += sizeofroutername;
    

will work.

