Wireshark-dev: [Wireshark-dev] Fwd: new dissector for IBM Communication Tools
From: Toralf Förster <toralf.foerster@xxxxxx>
Date: Tue, 5 Sep 2006 15:28:29 +0200
Ehm, now with the attached file ... Playing with wireshark and refreshing my burried C knowledge I created a new dissector for the protocol by shameless copying most of it from packet-daytime.c and others. The protocol itself is simple enough, a simple string as the payload of an udp packet, string parts are divided by a ":". I'm interesting whether the implementation would be ok and what could be make better. Thanks for any reply. -- MfG/Sincerely Toralf Förster
/* packet-ict.c * Routines for ICT packet dissection * Copyright 2006, Toralf Förster <toralf.foerster@xxxxxx> * Copied from packet-daytime.c * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@xxxxxxxxxxxxx> * Copyright 1998 Gerald Combs * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #include <epan/packet.h> #include <epan/strutil.h> static int proto_ict = -1; static int hf_ict_string = -1; static gint ett_ict = -1; /* This dissector works for UDP IBM Communication Tools packets */ #define ICT_PORT 1510 // we have an UDP packet with a string as a payload like // "name@xxxxxxxxxx:0:0:Hamburg:Hamburg:12345 Germany:12345:DE:" // #define ICT_FIELDS 8 static const char *fields[ICT_FIELDS] = { "Email", "Unknown", "Counter", "City", "Country", "Location", "Postal Code", "Notes Domain" }; static void dissect_ict(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_tree *ict_tree; proto_item *ti; gint offset = 0; const guchar *line; gint next_offset; int linelen; int len; int i; if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, "ICT"); linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); line = tvb_get_ptr(tvb, offset, linelen); if (check_col(pinfo->cinfo, COL_INFO)) { col_add_fstr(pinfo->cinfo, COL_INFO, "%s", pinfo->destport == ICT_PORT ? format_text(line, linelen) : ""); } if (tree) { ti = proto_tree_add_item(tree, proto_ict, tvb, 0, -1, FALSE); ict_tree = proto_item_add_subtree(ti, ett_ict); next_offset = -1; for (i = 0; i < ICT_FIELDS; i++) { offset = next_offset + 1; if ( (next_offset = tvb_pbrk_guint8(tvb,offset,-1,":")) >= linelen) break; len = next_offset - offset; proto_tree_add_text(ict_tree, tvb, offset, len, "%s: %s", fields[i], format_text(tvb_get_ptr(tvb, offset, len), len)); } } } void proto_register_ict(void) { static hf_register_info hf[] = { { &hf_ict_string, { "ICT", "ict.string", FT_STRING, BASE_NONE, NULL, 0x0, "ICT protocol", HFILL }} }; static gint *ett[] = { &ett_ict, }; proto_ict = proto_register_protocol("ICT Protocol", "ICT", "ict"); proto_register_field_array(proto_ict, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); } void proto_reg_handoff_ict(void) { dissector_handle_t ict_handle; ict_handle = create_dissector_handle(dissect_ict, proto_ict); dissector_add("udp.port", ICT_PORT, ict_handle); }
Attachment:
pgpyjTNoB7RLA.pgp
Description: PGP signature
- Follow-Ups:
- Re: [Wireshark-dev] Fwd: new dissector for IBM Communication Tools
- From: Jaap Keuter
- Re: [Wireshark-dev] Fwd: new dissector for IBM Communication Tools
- Prev by Date: [Wireshark-dev] new dissector for IBM Communication Tools
- Next by Date: [Wireshark-dev] Patch for bug 1092 - need review
- Previous by thread: [Wireshark-dev] new dissector for IBM Communication Tools
- Next by thread: Re: [Wireshark-dev] Fwd: new dissector for IBM Communication Tools
- Index(es):