Ethereal-dev: [Ethereal-dev] more hidden fields
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Tim Potter <tpot@xxxxxxxxx>
Date: Wed, 15 May 2002 13:16:11 +1000
This hidden field business got me thinking. I've made a small change to
the dcerpc init routines which allows you to filter by string names for
dcerpc subcommands.
I've changed dcerpc_init_uuid() to take an extra value - a hf field
which corresponds to the opnum for the subdissector with a value_string
array associated with it. The dcerpc_try_handoff() routine inserts a
hidden field with the value of the dcerpc.op for both the request and
reply. For the spoolss dissector this now means you can do things like
'spoolss.opnum == addprinterdriver' rather than having to look up the
hex value of the opnum for the subcommand.
Here's some selected bits of the diff. I haven't included the value
string array because it's too big and boring.
Tim.
*** packet-dcerpc.c.~1.48.~ Thu May 9 15:07:56 2002
--- packet-dcerpc.c Tue May 14 15:09:11 2002
***************
*** 233,238 ****
--- 233,239 ----
int ett;
gchar *name;
dcerpc_sub_dissector *procs;
+ int hf_opnum_valstr; /* hf value for opnum value strings */
} dcerpc_uuid_value;
static gint
***************
*** 255,261 ****
void
dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
! dcerpc_sub_dissector *procs)
{
dcerpc_uuid_key *key = g_malloc (sizeof (*key));
dcerpc_uuid_value *value = g_malloc (sizeof (*value));
--- 256,262 ----
void
dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
! dcerpc_sub_dissector *procs, int hf_opnum_valstr)
{
dcerpc_uuid_key *key = g_malloc (sizeof (*key));
dcerpc_uuid_value *value = g_malloc (sizeof (*value));
***************
*** 267,272 ****
--- 268,274 ----
value->ett = ett;
value->name = proto_get_protocol_short_name (proto);
value->procs = procs;
+ value->hf_opnum_valstr = hf_opnum_valstr;
g_hash_table_insert (dcerpc_uuids, key, value);
}
***************
*** 1081,1086 ****
--- 1083,1096 ----
}
}
}
+
+ /* Add a hidden field for opnum which has a valstr associated with it.
+ We can then use this for text fields in the filter string. */
+
+ if (sub_proto->hf_opnum_valstr)
+ proto_tree_add_uint_hidden(sub_tree, sub_proto->hf_opnum_valstr,
+ tvb, 0, 0, opnum);
+
return 0;
}
*** packet-dcerpc-spoolss.c.~1.29.~ Mon May 13 11:27:07 2002
--- packet-dcerpc-spoolss.c Wed May 15 11:42:17 2002
***************
*** 40,45 ****
--- 40,46 ----
/* Global objects */
+ static int hf_spoolss_opnum = -1;
static int hf_spoolss_hnd = -1;
static int hf_spoolss_rc = -1;
static int hf_spoolss_offered = -1;
***************
*** 3917,3922 ****
--- 4225,4233 ----
proto_register_dcerpc_spoolss(void)
{
static hf_register_info hf[] = {
+ { &hf_spoolss_opnum,
+ { "Opnum", "spoolss.opnum", FT_UINT32, BASE_DEC,
+ VALS(spoolss_opnum_vals), 0, "SPOOLSS opnum", HFILL }},
{ &hf_spoolss_hnd,
{ "Context handle", "spoolss.hnd", FT_BYTES, BASE_NONE,
NULL, 0x0, "SPOOLSS policy handle", HFILL }},
***************
*** 4091,4096 ****
/* Register protocol as dcerpc */
dcerpc_init_uuid(proto_dcerpc_spoolss, ett_dcerpc_spoolss,
! &uuid_dcerpc_spoolss, ver_dcerpc_spoolss,
! dcerpc_spoolss_dissectors);
}
--- 4439,4444 ----
/* Register protocol as dcerpc */
dcerpc_init_uuid(proto_dcerpc_spoolss, ett_dcerpc_spoolss,
! &uuid_dcerpc_spoolss, ver_dcerpc_spoolss,
! dcerpc_spoolss_dissectors, hf_spoolss_opnum);
}
- Follow-Ups:
- Re: [Ethereal-dev] more hidden fields
- From: Guy Harris
- Re: [Ethereal-dev] more hidden fields
- Prev by Date: Re: [Ethereal-dev] Re: possibility of lgpl'ing libwiretap.a
- Next by Date: Re: [Ethereal-dev] more hidden fields
- Previous by thread: Re: [Ethereal-dev] Re: possibility of lgpl'ing libwiretap.a
- Next by thread: Re: [Ethereal-dev] more hidden fields
- Index(es):