Wireshark mailing list archives

Re: I have a wireshark dissector question


From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Tue, 12 Apr 2016 07:59:59 -0700

On Tue, Apr 12, 2016 at 7:34 AM, 季红 <jihong_seu () 163 com> wrote:
Dear sir:
        Please excuse me for taking the liberty of writing to you. I'm
Chinese. I have a Wireshark dissector question which I would like to ask
you. To make my example as plain and interesting as possible, I use the
example from the official website:
https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html .

Example 9.12. Enhancing the display.

static void
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    guint8 packet_type = tvb_get_guint8(tvb, 0);

    col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO");
    /* Clear out stuff in the info column */
    col_clear(pinfo->cinfo,COL_INFO);
    col_add_fstr(pinfo->cinfo, COL_INFO, "Type %s",
             val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));

    if (tree) { /* we are being asked for details */
        proto_item *ti = NULL;
        proto_tree *foo_tree = NULL;
        gint offset = 0;

        ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA);
        proto_item_append_text(ti, ", Type %s",
            val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
        foo_tree = proto_item_add_subtree(ti, ett_foo);
        proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1,
                            ENC_BIG_ENDIAN);
        offset += 1;
    }
}


1. Suppose there are three packets, then dissect_foo is called many times?

Yes.

2. If I click one row in Wireshark's user interface, then dissect_foo will
be called many times?

Yes, for some value of many.

3. How can I debug the code slice:

In GDB you can place a breakpoint at the if statement and then single
step. You could also add printf statements. It will be easier, I
suspect, if you do this on Linux or Unix.

    if (tree) { /* we are being asked for details */
        proto_item *ti = NULL;
        proto_tree *foo_tree = NULL;
        gint offset = 0;

        ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA);
        proto_item_append_text(ti, ", Type %s",
            val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
        foo_tree = proto_item_add_subtree(ti, ett_foo);
        proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1,
                            ENC_BIG_ENDIAN);
        offset += 1;
    }

-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)
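
The breakpoint approach from the reply above, written as a GDB command file. This is an added example, not part of the original thread; it assumes a TShark build with debug symbols and a dissector function named dissect_foo as in the quoted code, and sample.pcap is a placeholder capture file.

```gdb
# dissect_foo.gdb -- added example, not from the original thread.
# Assumptions: TShark built with debug symbols, the dissector function is
# named dissect_foo as in the quoted code, and sample.pcap is a placeholder
# capture containing FOO packets.
#
# Run with:
#   gdb -x dissect_foo.gdb --args tshark -r sample.pcap -V

# The dissector code is in a shared library or plugin that is not loaded
# yet when GDB starts, so let the breakpoint stay pending until it is.
set breakpoint pending on

# Log one line per call (frame number and the tree pointer passed in), then
# keep going. This shows how often dissect_foo runs and whether details
# were requested. Delete the "continue" line to stop at each call instead
# and single-step through the "if (tree)" block with "next".
break dissect_foo
commands
  silent
  printf "dissect_foo: frame %u, tree=%p\n", pinfo->fd->num, tree
  continue
end

run
```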