Thanks for help so far!
I'm now able to find the nodes, but not yet the field information. My code
looks like following (where hfinformation is the return value of routine
proto_registrar_byname("rtp.ssrc"):
static guint32 process_node(proto_item *ptree_node, header_field_info
*hfinformation) {
field_info *finfo;
proto_item *proto_sibling_node;
finfo = PITEM_FINFO(ptree_node);
if (hfinformation==(finfo->hfinfo)) {
call the function to get the rtp.ssrc value
return (this ssrc value);
}
proto_sibling_node = g_node_next_sibling(ptree_node);
if (proto_sibling_node)
process_node(proto_sibling_node, hfinformation);
else
return (-1);
}
The routine now loops between nodes: Frame->Ethernet->Internet Protocol->and
upper layer protocols. How can I get the items or list of one node, let's say
rtp?
Thanks for any advice, Miha.
On Tuesday 16 July 2002 20:44, Guy Harris wrote:
> On Tue, Jul 16, 2002 at 04:57:48PM +0200, Miha Jemec wrote:
> > How would it be now possible the get for example the SSRC information
> > from the RTP header?
>
> Well, there aren't yet any examples of that in Ethereal, but the code in
> "proto_hier_stats.c" can give some hints.
>
> "ph_stats_new()" has something similar to what your main loop, scanning
> through the packets, would do.
>
> "process_frame()" does something similar to what your code above was
> doing, but it uses its own data variables rather than those in the
> "capture_file" structure - you should probably do the same as
> "process_frame()".
>
> "process_tree()" actually scans the protocol tree; "process_node()"
> processes a single node of the tree.
>
> If you want to get a field with a particular name, you'd call
> "proto_registrar_get_byname()", passing it the field name. It returns
> either NULL (if no field with that name exists) or a "header_field_info *"
> for that field.
>
> If, in your routine equivalent to "process_node()" (which you could just
> call "process_node()", as the one in "proto_hier_stats.c" is static),
> you'd compare that "header_field_info *" with "finfo->hfinfo", where
> "finfo" would be "PITEM_FINFO(ptree_node)" and "ptree_node()" would be
> the first argument to your routine. If they're equal, you've found a
> protocol tree node for that field (note that there might be more than
> one such node in a protocol tree, if the dissector can put more than one
> there).
>
> A "field_info" structure has an "fvalue_t *" that points to a structure
> containing the value of the field. If the field is an unsigned integral
> value, as "rtp.ssrc" is, you can call "fvalue_get_integer()" on that
> "fvalue_t", and it'll return a "guint32" that's the value of that field.