Wireshark-dev: [Wireshark-dev] Fwd: new dissector for IBM Communication Tools

From: Toralf Förster <toralf.foerster@xxxxxx>
Date: Tue, 5 Sep 2006 15:28:29 +0200
Ehm, now with the attached file ...

Playing with wireshark and refreshing my burried C knowledge I created a new dissector for the protocol
by shameless copying most of it from packet-daytime.c and others.

The protocol itself is simple enough,  a simple string as the payload of an udp packet, string parts are divided by a ":".
I'm interesting whether the implementation would be ok and what could be make better.

Thanks for any reply.

-- 
MfG/Sincerely
Toralf Förster
/* packet-ict.c
 * Routines for ICT packet dissection
 * Copyright 2006, Toralf Förster <toralf.foerster@xxxxxx>
 * Copied from packet-daytime.c
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <epan/packet.h>
#include <epan/strutil.h>

static int proto_ict = -1;
static int hf_ict_string = -1;

static gint ett_ict = -1;

/* This dissector works for UDP IBM Communication Tools packets */
#define ICT_PORT 1510

// we have an UDP packet with a string as a payload like
// "name@xxxxxxxxxx:0:0:Hamburg:Hamburg:12345 Germany:12345:DE:"
//

#define ICT_FIELDS 8
static const char *fields[ICT_FIELDS] = {
	"Email",
	"Unknown",
	"Counter",
	"City",
	"Country",
	"Location",
	"Postal Code",
	"Notes Domain"
};

static void
dissect_ict(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  proto_tree	*ict_tree;
  proto_item	*ti;

	gint		offset = 0;
	const guchar	*line;
	gint		next_offset;
	int		linelen;
	int		len;
	int		i;

  if (check_col(pinfo->cinfo, COL_PROTOCOL))
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "ICT");

  linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
  line = tvb_get_ptr(tvb, offset, linelen);

  if (check_col(pinfo->cinfo, COL_INFO)) {
    col_add_fstr(pinfo->cinfo, COL_INFO, "%s",
    pinfo->destport == ICT_PORT ? format_text(line, linelen) : "");
  }

  if (tree) {

    ti = proto_tree_add_item(tree, proto_ict, tvb, 0, -1, FALSE);
    ict_tree = proto_item_add_subtree(ti, ett_ict);

    next_offset = -1;
    for (i = 0; i < ICT_FIELDS; i++)	{
      offset = next_offset + 1;
      if ( (next_offset = tvb_pbrk_guint8(tvb,offset,-1,":")) >= linelen)
        break;

      len = next_offset - offset;
      proto_tree_add_text(ict_tree, tvb, offset, len, "%s: %s", fields[i],
        format_text(tvb_get_ptr(tvb, offset, len), len));
    }
  }
}

void
proto_register_ict(void)
{

  static hf_register_info hf[] = {
    { &hf_ict_string,
      { "ICT", "ict.string",
	FT_STRING, BASE_NONE, NULL, 0x0,
      	"ICT protocol", HFILL }}
  };
  static gint *ett[] = {
    &ett_ict,
  };

  proto_ict = proto_register_protocol("ICT Protocol", "ICT", "ict");
  proto_register_field_array(proto_ict, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
}

void
proto_reg_handoff_ict(void)
{
  dissector_handle_t ict_handle;

  ict_handle = create_dissector_handle(dissect_ict, proto_ict);
  dissector_add("udp.port", ICT_PORT, ict_handle);
}

Attachment: pgpyjTNoB7RLA.pgp
Description: PGP signature