Wireshark-dev: Re: [Wireshark-dev] removed functions fast way to find substitutes?

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Fri, 21 Nov 2014 15:29:10 +0100


2014-11-21 14:06 GMT+01:00 Semjon <semgo@xxxxxx>:



Am 21.11.2014 um 10:06 schrieb Guy Harris:
>
> On Nov 21, 2014, at 12:48 AM, Semjon <semgo-S0/GAf8tV78@xxxxxxxxxxxxxxxx> wrote:
>
>> One of my current problems is with
>>
>> tvb_get_faked_unicode(...)
>>
>> which isn't available anymore.
>> In my Protocol I have some Ascii-encoded String but which comes as two
>> bytes per character. Example:
>> {0x0031, 0x0032, 0x0033, 0x0034, 0x0000} in tvb should display in
>> GUI/Tree/PacketList as "1234"
>
> If that's truly ASCII-encoded, that would be a significant waste of bytes - you could just use one byte per character for ASCII; if the second byte is always zero, that byte serves no useful purpose.
>
> So I'll assume it's a *superset* of ASCII, and that you mean either "UTF-16 encoded string" or "UCS-2 encoded string" rather than "ASCII-encoded string which comes as two bytes per character".
>
> So:
>
>> I used to call:
>>
>> tvb_get_faked_unicode(NULL,tvb, 20, ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN)
>>
>> and display result as %s in col_append_fstr() or as FT_STRING in
>> proto_tree_add_string().
>>
>> So could anyone give me a hint, is there a function still available for
>> this type of encoding
>
>       tvb_get_string_enc(tvb, {offset}, {length of string}, ENC_UTF_16|ENC_BIG_ENDIAN)
>
> or
>
>       tvb_get_string_enc(tvb, {offset}, {length of string}, ENC_UCS_2|ENC_BIG_ENDIAN)
>
> depending on whether it's UTF-16 (with surrogate pairs to handle Unicode characters that don't fit in 16 bits) or UCS-2 (supporting only characters in the Unicode Basic Multilingual Plane, without surrogate pairs).
>
> Note that tvb_get_string_enc() returns a UTF-8-encoded string; octet sequences that can't be mapped to UTF-8 strings will be replaced by the Unicode "replacement character".
>
>> In general is there a fast/convenient way - other than manually looking
>> through the sources after functions that might do what i want - to check
>> if this function X is now replaced by function Y.
>
> No.  You could check doc/README.developer, etc. to see if anything is mentioned.
>
>> Other examples I need to replace are:
>> abs_time_to_ep_str()
>
>       abs_time_to_str({wmem scope}, ...)
>
> The old "ephemeral" and "session" memory mechanisms are deprecated in favor of the new wmem mechanisms.  The scope that's equivalent to "ephemeral" scope is, I think, packet scope (right, Evan?), so you'd want
>
>       abs_time_to_str(wmem_packet_scope(), ...)
>
>> nstime_delta()
>
> Its replacement is called nstime_delta() and has the exact same arguments. :-)
>
> However, you need to include <wsutil/nstime.h> to get it declared.
>

Well thanks a lot everybody for helping. I could resolve almost all of
my Problems with Your help. In fact the "ASCII encoded 2-byte-string" is
a Unicode String shame on me :-)

Unfortunately no luck with nstime_delta().

I already had included  <wsutil/nstime.h>

My call looks like this:

        proto_item *it;
        nstime_t ns;

        it=proto_tree_add_uint(xyz_tree, hf_xyz_response_to, tvb, 0, 0,
xyz_trans->req_frame);
        PROTO_ITEM_SET_GENERATED(it);

        nstime_delta(&ns, &pinfo->fd->abs_ts, &xyz_trans->req_time);
        it=proto_tree_add_time(xyz_tree, hf_xyz_response_time, tvb, 0,
0, &ns);
        PROTO_ITEM_SET_GENERATED(it);

It always generates errors LNK2019/LNK1120 ... unresolved external
symbol "__imp__nstime_delta" in function ...

Hope You have an idea here. I'm not really good in finding the necessary
functions/files to include in such a big project and my search on the
www on this was not successful.


Hi,

assuming that your proprietary dissector is a plugin, ensure that your makefile indicates the path to libwsutil. I guess you are on Windows, so your Makefile.nmake file should contain:

!IFDEF ENABLE_LIBWIRESHARK
LINK_PLUGIN_WITH= ..\..\wsutil\libwsutil.lib
CFLAGS=$(CFLAGS)