Wireshark-dev: Re: [Wireshark-dev] new plug-in dissector - no packets, displayed when dissector

From: Stuart Marsden <stuart@xxxxxxxxxxxx>
Date: Fri, 01 May 2009 17:10:56 +0100
Hi level dissect code

with display filter sslbp -I get just my packets
with display filter sslbp.type==0 or 1 - I get no displayed packets at all , but my printfs come out

thanks

Stuart


dissect_sslbp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
   int             offset = 0;
   proto_tree      *sslbp_tree;
   proto_item      *ti;
   proto_tree      *header_tree;
   proto_item      *header_item;

   guint16         magic;
   guint8          protocol_ver;
   int             start_offset;
   int             msglen;
   unsigned int    frmtyp;

// add stuff to columns in main window

if (check_col(pinfo->cinfo, COL_PROTOCOL)) // set the protcol column
           col_set_str(pinfo->cinfo, COL_PROTOCOL, "sslbp");
if (check_col(pinfo->cinfo, COL_INFO)) // clear the info column
           col_clear(pinfo->cinfo, COL_INFO);

// basic data

   magic = tvb_get_ntohs(tvb, offset + 0);
   protocol_ver  = tvb_get_guint8(tvb, offset + 2);
   frmtyp = tvb_get_guint8(tvb, offset + 3);
   msglen = tvb_reported_length_remaining(tvb, offset);

   hf_sslbp_type = frmtyp;

printf("disect_sslbp: magic [%x] ver [%x] typ [%x] length[%d]\n",magic,protocol_ver,frmtyp,msgle
n);

  if (magic != MAGIC) {
       if (check_col(pinfo->cinfo, COL_INFO))
               col_set_str(pinfo->cinfo, COL_INFO, "- bad magic value-");
       return;
   }

   if (check_col(pinfo->cinfo, COL_INFO)) {
           /*
            * Indicate what kind of message this is.
            */
           if ((frmtyp != MYFT_ANNOUNCE) && (frmtyp != MYFT_STATUS))
               col_set_str(pinfo->cinfo, COL_INFO, "- Invalid -");
           else
col_set_str(pinfo->cinfo, COL_INFO,val_to_str(frmtyp,frame_type,"Unknown (0x%02x)"))
;
           col_append_fstr(pinfo->cinfo, COL_INFO," len=%u", msglen );
   }


   if (tree == NULL) {
       printf("disect_sslbp: No tree");
       return;
   }


   ti = proto_tree_add_item(tree, proto_sslbp, tvb, 0, -1, FALSE);
   sslbp_tree = proto_item_add_subtree(ti, ett_sslbp);

   proto_item_append_text(sslbp_tree," length: %u bytes", msglen );

   if ((frmtyp != MYFT_ANNOUNCE) && (frmtyp != MYFT_STATUS)) {
       /*
        * Unknown message type.
        */
       proto_tree_add_text(sslbp_tree, tvb, offset, msglen, "Data");
       printf("disect_sslbp: unknown frame type");
       return;
   }

//  header

header_item = proto_tree_add_text(sslbp_tree, tvb, offset, MSG_HDR_SZ, "Header");
   header_tree = proto_item_add_subtree(header_item, ett_sslbp_header);
   proto_tree_add_text(header_tree, tvb, offset, 2,
       "Magic: %x", magic);
   proto_tree_add_text(header_tree, tvb, offset+2, 1,
       "Protocol Version: %x", protocol_ver);
   proto_tree_add_text(header_tree, tvb, offset+3, 1,
       "Frame type: %s", val_to_str(frmtyp,frame_type,"Unknown (0x%02x)"));

proto_item_append_text(header_tree,"Frame type: %s", val_to_str(frmtyp,frame_type,"Unknown (0x%0
2x)"));


// announce and status frames

   start_offset = offset;
   offset += MSG_HDR_SZ;

   switch (frmtyp) {
   case MYFT_ANNOUNCE:
       offset = decode_announce(tvb, offset,pinfo, sslbp_tree);
       break;
   case MYFT_STATUS:
       offset = decode_status(tvb, offset, pinfo,sslbp_tree);
       break;
   default:
       break;
   }
   return;
}
> Hi,
> > I am new to WS development, I now have a plugin which works well. > > however if I select "sslbp.frametype" in the display filter , I can > select "Status" in the predefined values > > however: > > my printfs appear on the console, for both frametypes but no packets are > displayed > > I know I must be doing something stupid, but I cant get this to work

Can you show the code where you're adding the frame type to the tree (the proto_tree_add_*([...] hf_sslbp_type [...]) call)?