Wireshark mailing list archives

Re: GTP session plugin


From: Pascal Quantin <pascal.quantin () gmail com>
Date: Mon, 2 Nov 2015 17:11:01 +0100

2015-11-02 17:07 GMT+01:00 POZUELO Gloria (BCS/PSD) <gloria.pozuelo () bics com>:

Thank you very much! It worked! I don’t know the utility of the scope
parameter, I’ve set it to NULL, is it correct?


Setting it to NULL means that you need to manually free the memory (using
the wmem_free function) when you are done with it. Other scopes (like packet
scope or file scope for example) are freed automatically when the lifetime
of the pool expires. The validity of the scope depends on where you are
putting your code (and you will get an assert if you try to use a memory
scope outside of its valid context). See doc/README.wmem for more
information.

BR,
Pascal.



*From:* wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] *On Behalf Of* Pascal Quantin
*Sent:* Monday 2 November 2015 16:29
*To:* Developer support list for Wireshark
*Subject:* Re: [Wireshark-dev] GTP session plugin







2015-11-02 16:20 GMT+01:00 POZUELO Gloria (BCS/PSD) <
gloria.pozuelo () bics com>:

Hello!

I would like to ask you about a problem that I encountered while working
on this development. I need to get the IP dst from the packet information
and convert it to string (char *), but by inspecting the type _address I
can see the data pointer, which I thought would be the memory address of
the final IP data, but I've checked if this integer corresponds with the IP
dst and it turned out not to be the expected address. Could you help me with
this matter? Is there a better way to get the IP address from pinfo and
convert it to string?

Thank you very much in advance,

Regards.



Hi Gloria,

You did not indicate to us which Wireshark version you are using, but
assuming it's a recent one you are probably interested in the
address_to_str() function found in the epan/to_str.h file.

Best regards,

Pascal.

-----Original Message-----
From: Jeff Morriss [mailto:jeff.morriss.ws () gmail com]
Sent: Friday 23 October 2015 20:56
To: Developer support list for Wireshark; POZUELO Gloria (BCS/PSD)
Subject: Re: [Wireshark-dev] GTP session plugin

On 10/22/15 03:43, POZUELO Gloria (BCS/PSD) wrote:
Hi all,

I get in touch with you, since I would like to develop a new plugin
for GTP protocol (V1 and V2 versions). This functionality would
consist of looking for all messages that belong to the same session.
For instance: you select from 1 to N Create Session Request or Create PDP
Context and all the information about those sessions will be shown,
this way you could export those specific packets.

It sounds like what you're describing is similar to what a number of other
dissectors (like TCP, SCTP, and I think SCCP) do.  You would basically need to
modify the GTP dissector to build up state which includes information about
each GTP session (similar to the way the TCP dissector builds up state
information about each TCP connection).

I can't really offer any specific advice other than to look at how other
dissectors do it.  If you want a starting point, look at the "tcp.stream"
field (which uniquely identifies a TCP connection that the TCP dissector
has found).  Also you need to be aware that dissectors usually build up
this state only on the first pass through the packets (when
pinfo->fd->flags.visited is FALSE).



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe
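
The two points answered in this thread (the address data pointer and who frees a NULL-scope allocation), as an added example that is not part of the original messages and is not Wireshark code. It is a stand-alone model: `model_address`, `model_at` and `model_address_to_str` are hypothetical stand-ins for the type/len/data layout of epan's `address` and for `address_to_str()`, with `malloc`/`free` standing in for NULL-scope allocation and `wmem_free`.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-ins for the type/len/data layout of epan's address. */
enum model_at { MODEL_AT_NONE, MODEL_AT_IPV4, MODEL_AT_IPV6 };

typedef struct {
    enum model_at type;  /* which kind of address data points at */
    int           len;   /* number of bytes behind data */
    const void   *data;  /* pointer to the raw bytes in network order */
} model_address;

/* Returns a heap string the caller must free(), like a NULL-scope
 * allocation; returns NULL when type and len disagree. */
char *model_address_to_str(const model_address *a)
{
    char buf[INET6_ADDRSTRLEN];
    int af;
    char *out;
    if (a == NULL || a->data == NULL)
        return NULL;
    if (a->type == MODEL_AT_IPV4 && a->len == 4)
        af = AF_INET;
    else if (a->type == MODEL_AT_IPV6 && a->len == 16)
        af = AF_INET6;
    else
        return NULL;  /* never read more bytes than len promises */
    /* Dereference data: the pointer value itself is not the IP. */
    if (inet_ntop(af, a->data, buf, sizeof buf) == NULL)
        return NULL;
    out = malloc(strlen(buf) + 1);
    if (out != NULL)
        strcpy(out, buf);
    return out;
}

int main(void)
{
    /* Constructed sample: 192.0.2.10 as four network-order bytes. */
    static const unsigned char dst_bytes[4] = { 192, 0, 2, 10 };
    model_address dst = { MODEL_AT_IPV4, 4, dst_bytes };
    char *s = model_address_to_str(&dst);
    printf("dst=%s data pointer=%p\n", s ? s : "(invalid)", dst.data);
    free(s);  /* manual free: nothing else will release it */
    return 0;
}
```

In a dissector, a string that is only needed while the current packet is being dissected would normally use the packet scope instead, so that no manual free is required.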


