Wireshark-dev: Re: [Wireshark-dev] query regarding gtp_handlefuntionanddecoderfunction.

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Thu, 7 Sep 2006 07:53:05 +0200
Hi,
What you probably want to do is to change the current code to something
like:
static int
decode_gtp_priv_ext(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
proto_tree *tree) {

	guint16		length, ext_id;
	proto_tree	*ext_tree_priv_ext;
	proto_item	*te;
	tvbuff_t *new_tvb;

	te = proto_tree_add_text(tree, tvb, offset, 1,
val_to_str(GTP_EXT_PRIV_EXT, gtp_val, "Unknown message"));
	ext_tree_priv_ext = proto_item_add_subtree(te, ett_gtp_ext);

	offset++;
	length = tvb_get_ntohs(tvb, offset);
	proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_length, tvb,
offset, 2, FALSE);
	offset = offset+2;
	if (length >= 2) {
		ext_id = tvb_get_ntohs(tvb, offset);
		proto_tree_add_uint(ext_tree_priv_ext, hf_gtp_ext_id, tvb,
offset, 2, ext_id);
		offset = offset+2;

		/*
		 * XXX - is this always a text string?  Or should it be
		 * displayed as hex data?
		 */
		if (length > 2)
			proto_tree_add_item(ext_tree_priv_ext,
hf_gtp_ext_val, tvb, offset, length-2, FALSE);
		switch (ext_id){
		case MY_MANUFACTURER_ID:
			new_tvb = tvb_new_subset(tvb, offset, length-2,
length-2);
			dissect_private_ext_manufacturer_id(new_twb, pinfo,
ext_tree_priv_ext)
			break;
		default:
			break;
		}
	}

	return 3+length;
}

Brg
Anders
-----Ursprungligt meddelande-----
Från: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] För prashanth joshi
Skickat: den 6 september 2006 22:52
Till: Developer support list for Wireshark
Ämne: Re: [Wireshark-dev] query regarding
gtp_handlefuntionanddecoderfunction.

Hi Anders,
how r u...
I have a query Anders.
If we consider for example the following statement,
proto_tree_add_item(ext_tree_priv_ext, hf_gtp_ext_val, tvb, offset+5,
length-2, FALSE);
 
So length-2 bytes of data is added in to tree ,starting from the location
number ofset + 5 of tvb.
My query is : is it absolutely necessary to have hf_gtp_ext_
as the second argument when ever we want to add an item?
Can not we do away with it by having a NULL as second argument instead? ( I
found it difficult to understand how the contents of the proto_register_gtp
array are built)
And what would be the limitations if we try to add an item using the
proto_tree_add_text( ) instead ?
regards,
Prashanth

"Anders Broman (AL/EAB)" <anders.broman@xxxxxxxxxxxx> wrote:
Hi,
The function val_to_str(GTP_EXT_RAI, gtp_val, "Unknown message")); 
searches the svalue_string gtp-val for a match to GTP_EXT_RAI and if found
returns the matching string, in this case
"Routing Area Identity" if no match is found it will print "Unknown
message".
 
Best regards
Anders


From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of prashanth joshi
Sent: den 6 september 2006 09:25
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] query regarding gtp_handle
funtionanddecoderfunction.
Hi Anders, thanks.
Now the things are much clearer. Now i understand why the return value from
the decoder function is 3 + length. 
But yeah in    val_to_str(GTP_EXT_XXX, gtp_val, "UNKNOWN") , is the string
"UNKNOWN" concatenated with GTP_EXT_XXX and returned ?
regards,
Prashanth.

"Anders Broman (AL/EAB)" <anders.broman@xxxxxxxxxxxx> wrote:
Hi,
Are you trying to add something thats defined in 3GPP TS 29.060 or to do
someting for a nonstandard extension to the protocol?
( 0x7F is also allready used (define GTP_EXT_CHRG_ID  0x7F)).
 
The code:
    while (gtpopt[++i].optcode)
     if (gtpopt[i].optcode == ext_hdr_val)
      break;
    offset = offset + (*gtpopt[i].decode)(tvb, offset, pinfo, gtp_tree);
 
Will call the function pointed out by the Extension type (GTP_EXT_XXX) with
a tvb containing the GTP message and the offset parameter pointing to the
Extension type
(octet 1 in the IE descriptions of TS 29.060)
in the function you'll have to increase offset to pont to the byte you want
to "access".
Best regards
Anders
 


From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of prashanth joshi
Sent: den 5 september 2006 17:35
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] query regarding gtp_handle funtion
anddecoderfunction.
Hi Anders, 
Thanks for the reply.
But I'm affraid i did not put the whole thing very clearly.
I should have been more specific.
Actually i need to have in the define statement the following : 
#define  GTP_EXT_XXX    0x7f                 /* Satement 1 */
 
and then the  ( extension field , function pointer)  pair : 
( GTP_EXT_XXX           My_decode_fun)   /* Statement 2 */        
 
And then 
I need to check whether the value of the next byte is 0x30 , in the
My_decode_fun(...),
and then call decode_XXX(...) function.           /* Statement 3 */
 
Now in decode_XXX(...) function shall i include the same code that u have
specified in your reply or that needs to be modified? 
Also after Statement 2 , will the pointer tvb  automatically  incremented by
1 or i have to explicitly increment it?  This i need to know because i need
to compare the value 0x30  with the content of the next byte of tvb ( as
given in Statement 2 )  
 
 
regards,
Prashanth
 
    

"Anders Broman (AL/EAB)" <anders.broman@xxxxxxxxxxxx> wrote:
Hi,
Are you adding decoding of:
#define GTP_EXT_OMC_ID  0x8F   /* 3G 143 TLV OMC Identity 7.7.42 */
 
If so what you need to do is to add code in 
Line 4487
static int
decode_gtp_omc_id(tvbuff_t *tvb, int offset, packet_info *pinfo _U_,
proto_tree *tree) {
 
 guint16  length;
 
 length = tvb_get_ntohs(tvb, offset + 1);
 
 proto_tree_add_text(tree, tvb, offset, 3+length, "%s length : %u",
val_to_str(GTP_EXT_OMC_ID, gtp_val, "Unknown"), length);
 
 return 3 + length;
 
}
 
To do the actual decoding.
Best regards
Anders


From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of prashanth joshi
Sent: den 5 september 2006 12:06
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] query regarding gtp_handle funtion and
decoderfunction.
Hi all,
I'm adding a decoder for the gtp protocol. My query is :
1 ) So gtp_handle will do the dissection. It refers to the file packet_gtp.c
.
Finds the hex value for example in the following statement :
#define      GTP_EXT_XXX      0x8f
 and then if its value in the header matches 0x8f, refers to the (val,
decode_fun)  pair and then calls decode_fun to handle the decoding.
Now my question is : will the pointer tvb ( which is tvb_buff * tvb) be
incremented automatically when it enters the function decode_fun ? Or we
have to explicitly increment the pointer tvb in the decoder functin to
account for the byte containing 0x8f value in the tvb?
 
 
My other questions are :
2) I'm trying to locate the file containing the definition for the function
gtp_handle. But I'm not able to find it. Kindly can one please tell me where
its definition is?
 
3) Before actually starting the decoding in our decode function what is the
code that we have to write and what that is for?
 
regards,
Prashanth

Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small
Business. _______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates
starting at 1¢/min. _______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small
Business. _______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

  

Do you Yahoo!?
Get on board. You're invited to try the new Yahoo! Mail.