Wireshark-dev: Re: [Wireshark-dev] Query regarding GTP protocol

From: prashanth joshi <prashanthsjoshi2000@xxxxxxxxx>
Date: Sun, 24 Sep 2006 14:20:53 -0700 (PDT)


Hi,
I need to parse a GTP' packet containing in its message field the GCDR and then the SRecord. SRecord is the record defined by us.
Now obviously I need to add code to Ethereal to do this.
I plan to check for the type fields in the payload of the packet myself and then call the corresponding decoding functions for those fields. This, I feel, will give me more control over the execution of the code.
Now I would like to know where it would be best to add the code?
Shall I add the parsing code for both the G-CDR and the SRecord in the decode_gtp_tr_comm( ........) function?
In the above function the return value is 2 --- is this the offset returned?
In that case let us assume that I have parsed the contents of the G-CDR and SRecord in the decode_gtp_tr_comm( ) function. Now, if I return from the function decode_gtp_tr_comm( ) the value ( 2 + number of bytes in G-CDR + the number of bytes in SRecord ), would that be correct?
Or shall I add the parsing code in dissect_gtp( )?
Which is better?
And if I call the decoder functions such as decode_gtp_imsi( ) or decode_gtp_msisdn( ) directly from the function decode_gtp_tr_comm( ), would that be correct?
And one final thing: are all the functions to decode each of the fields in G-CDR provided in Ethereal, or do I have to write at least some of the decoder functions for the parsing of the G-CDR fields? I have found some of the functions but still have to search for the other functions for decoding the G-CDR fields. However, for SRecord fields I obviously have to write my own decoder functions.
Thanks a lot,
Prashanth
 
 
 

