On Thu, 21 Nov 2002, Paul Smith wrote:
> I am attempting to write my first dissector for Ethereal. The most efficient way that I can work out to do this particular dissector isto define a structure that is the right shape for the elements of the protocol. Then simply assign a pointer of this type to the start of the buffer. Can I do this in Ethereal?
>
> Example:
>
> struct udp
> {
> unsigned short source_port;
> unsigned short destination_port
> unsigned short length;
> unsigned short checksum;
> }
>
> struct udp_header *udp_hdr;
>
> udp_hdr=(struct udp_header*)data_buffer
This will fail if:
- One of the structure members isn't properly aligned on a 32-bit
boundary, and your processor doesn't like that, e.g. SPARC or
MIPS. Alphas and PowerPCs might be subject to this as well.
- Your processor's host byte order differs from network byte order,
e.g. IA32.
Your best bet would be to use the tvb_get_* routines described in
README.developer. For the UDP example above you could do the following:
struct udp_header udp_hdr;
guint offset = <offset to UDP data>;
udp_hdr.source_port = tvb_get_ntohs(tvb, offset);
udp_hdr.destination_port = tvb_get_ntohs(tvb, offset + 2);
udp_hdr.length = tvb_get_ntohs(tvb, offset + 4);
udp_hdr.checksum = tvb_get_ntohs(tvb, offset + 6);
BTW, the existing code in packet-udp.c doesn't do this. Instead it
copies the header data to a struct and copies it again to individual
variables using g_ntohs(). This probably because the UDP dissector was
written before the tvb_get_* routines were introduced and likely needs
to be changed.
> I cannot work out if I can do this (with tvb_get_ptr??). Everything I tried didn't work.
>
> By using this method, if I want to read the UDP source port, I can simply access "udp_hdr->source_port".
>
> For complex protocols, this saves me LOADS of effort using the tvb_get type access mechanisms.
>
> Thanks in advance for any help/advice you can give