Wireshark-users: [Wireshark-users] comments/rants wrt my (very first) dissector
From: Toralf Förster <toralf.foerster@xxxxxx>
Date: Tue, 24 Feb 2009 12:57:01 +0100
Hello, I attached my first real attempt of writing a dissector, designed for the Lotus Notes Sametime protocol (just for fun of course). Although it isn't far away from being ready b/c there isn't a format specification available I derived sth. from the meanwhile project. Thx for help, especially to get rid of these warnings : tfoerste@n22 ~/devel/wireshark/epan/dissectors $ make packet-sametime.o ccache gcc -DHAVE_CONFIG_H -I. -I../.. -I./../.. -I./.. -I/usr/local/include '-DPLUGIN_DIR="/usr/local/lib/wireshark/plugins/1.1.3"' -DINET6 -D_U_="__attribute__((unused))" -g -O2 -Wall -W -Wdeclaration-after-statement -Wendif-labels -Wpointer-arith -Wno-pointer-sign -Wcast-align -Wformat-security -I/usr/local/include -pthread -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/pixman-1 -MT packet-sametime.o -MD -MP -MF .deps/packet-sametime.Tpo -c -o packet-sametime.o packet-sametime.c packet-sametime.c: In function 'get_sametime_message_len': packet-sametime.c:387: warning: unused parameter 'pinfo' packet-sametime.c: In function 'sametime_stats_tree_packet': packet-sametime.c:833: warning: unused parameter 'pinfo' packet-sametime.c:833: warning: unused parameter 'edt' mv -f .deps/packet-sametime.Tpo .deps/packet-sametime.Po -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#ifndef ENABLE_STATIC
#include <gmodule.h>
#else
#include <glib.h>
#endif
#ifndef ENABLE_STATIC
G_MODULE_EXPORT const gchar version[] = "0.1";
#endif
#include <epan/packet.h>
#include <epan/dissectors/packet-tcp.h>
#include <epan/prefs.h>
#include <epan/tap.h>
#include <epan/stats_tree.h>
void proto_reg_handoff_sametime();
static int proto_sametime = -1;
static int global_sametime_port = 1533;
static dissector_handle_t sametime_handle;
/* Preference */
static gboolean global_sametime_show_length = FALSE;
static gboolean global_sametime_reassemble_packets = TRUE;
/*message header items*/
static int hf_sametime_heartbeat = -1;
/*sametime message header*/
static int hf_sametime_message_length = -1;
static int hf_sametime_message_type = -1;
static int hf_sametime_message_options = -1;
static int hf_sametime_message_options_attribute = -1;
static int hf_sametime_message_options_encrypted = -1;
static int hf_sametime_message_channel = -1;
/*common types*/
static int hf_sametime_field_length = -1;
static int hf_sametime_field_text = -1;
static int hf_sametime_code = -1;
static int hf_sametime_login_type = -1;
static int hf_sametime_time = -1;
/*handshake protocol*/
static int hf_sametime_handshake_major = -1;
static int hf_sametime_handshake_minor = -1;
static int hf_sametime_handshake_srvrcalc_addr = -1;
static int hf_sametime_handshake_loclcalc_addr = -1;
/*channel*/
static int hf_sametime_channel_service = -1;
static int hf_sametime_channel_id = -1;
static int hf_sametime_channel_send_type = -1;
static int hf_sametime_channel_awareness = -1;
static int hf_sametime_channel_magic = -1;
/*user status*/
static int hf_sametime_user_status = -1;
/*location*/
static int hf_sametime_location_country = -1;
static int hf_sametime_location_postalcode = -1;
static int hf_sametime_location_province = -1;
static int hf_sametime_location_city = -1;
static int hf_sametime_location_phone = -1;
static int hf_sametime_location_name = -1;
static int hf_sametime_location_timezone = -1;
static gint ett_sametime = -1;
static gint ett_sametime_options = -1;
static int sametime_tap = -1;
static const guint8* st_str_packets = "Sametime Total Packets";
static const guint8* st_str_message_types = "Sametime Message Types";
static int st_node_packets = -1;
static int st_node_message_type = -1;
struct SametimeTap {
gint16 message_type;
};
static const value_string messagetypenames[] = {
{ 0x80, "HEARTBEAT" },
{ 0x0000, "HANDSHAKE" },
{ 0x8000, "HANDSHAKE_ACK" },
{ 0x0001, "LOGIN" },
{ 0x8001, "LOGIN_ACK" },
{ 0x0018, "LOGIN_REDIRECT" },
{ 0x0016, "LOGIN_CONTINUE" },
{ 0x0002, "CHANNEL_CREATE" },
{ 0x0003, "CHANNEL_DESTROY" },
{ 0x0004, "CHANNEL_SEND" },
{ 0x0006, "CHANNEL_ACCEPT" },
{ 0x0009, "SET_USER_STATUS" },
{ 0x000b, "SET_PRIVACY_LIST" },
{ 0x0011, "SENSE_SERVICE" },
{ 0x0019, "ADMIN" },
{ 0x0022, "ANNOUNCE" },
{ 0, NULL }
};
static const value_string optionnames[] = {
{ 0x0, "" },
{ 0x4000, "ENCRYPT" },
{ 0x8000, "HAS_ATTRIBS" },
{ 0, NULL }
};
static const value_string userstatusnames[] = {
{ 0x0020, "ACTIVE" },
{ 0x0040, "IDLE" },
{ 0x0060, "AWAY" },
{ 0x0080, "BUSY" },
{ 0, NULL }
};
static const value_string sendtypenames[] = {
{ 0x0068, "AWARE_ADD" },
{ 0x0069, "AWARE_REMOVE" },
{ 0x00c9, "OPT_DO_SET" },
{ 0x00cb, "OPT_WATCH" },
{ 0x01f4, "AWARE_SNAPSHOT" },
{ 0x01f5, "AWARE_UPDATE" },
{ 0x0259, "OPT_GOT_SET" },
{ 0x025d, "OPT_DID_SET" },
{ 0, NULL }
};
static const value_string awarenessnames[] = {
{ 0x0002, "USER" },
{ 0x0003, "GROUP" },
{ 0x0008, "SERVER" },
{ 0, NULL }
};
static const value_string codenames[] = {
{ 0x00000011, "SERVICE_AWARE" },
{ 0x00000015, "SERVICE_RESOLVE" },
{ 0x00000018, "SERVICE_STORAGE" },
{ 0x0000001a, "SERVICE_DIRECTORY" },
{ 0x80000011, "ERR_USER_SKETCHY" },
{ 0x80000015, "ERR_TOKEN_INVALID" },
{ 0x80000018, "ERR_PORT_IN_USE" },
{ 0x80000022, "ERR_CHANNEL_DESTROYED" },
{ 0, NULL }
};
void
proto_register_sametime(void)
{
static hf_register_info hf[] = {
/*tcp payload is one byte : 0x80*/
{ &hf_sametime_heartbeat,
{ "heartbeat", "sametime.heartbeat",
FT_UINT8, BASE_HEX,
NULL, 0x0,
NULL, HFILL }
},
/*sametime message header*/
{ &hf_sametime_message_length,
{ "msg length", "sametime.message_length",
FT_UINT32, BASE_DEC,
NULL, 0,
NULL, HFILL }
},
{ &hf_sametime_message_type,
{ "msg type", "sametime.message_type",
FT_UINT16, BASE_HEX,
VALS(messagetypenames), 0x0,
NULL, HFILL }
},
{ &hf_sametime_message_options,
{ "msg options", "sametime.message_options",
FT_UINT16, BASE_HEX,
VALS(optionnames), 0x0,
NULL, HFILL }
},
{ &hf_sametime_message_options_encrypted,
{ "ENCRYPT", "sametime.message_options.encrypted",
FT_BOOLEAN, 16,
NULL, 0x4000,
NULL, HFILL }
},
{ &hf_sametime_message_options_attribute,
{ "HAS_ATTRIBS", "sametime.message_options.attribute",
FT_BOOLEAN, 16,
NULL, 0x8000,
NULL, HFILL }
},
{ &hf_sametime_message_channel,
{ "msg channel", "sametime.message_channel",
FT_UINT32, BASE_DEC,
NULL, 0,
NULL, HFILL }
},
/*common fields within various message types*/
{ &hf_sametime_field_length,
{ "length", "sametime.field_length",
FT_UINT16, BASE_DEC,
NULL, 0,
NULL, HFILL }
},
{ &hf_sametime_field_text,
{ "text", "sametime.field_text",
FT_STRING, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_code,
{ "code", "sametime.code",
FT_UINT32, BASE_HEX,
VALS(codenames), 0x0,
NULL, HFILL }
},
{ &hf_sametime_login_type,
{ "login type", "sametime.login_type",
FT_UINT16, BASE_HEX,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_time,
{ "time (msec)", "sametime.time",
FT_UINT32, BASE_DEC,
NULL, 0,
NULL, HFILL }
},
/*type handshake*/
{ &hf_sametime_handshake_major,
{ "major", "sametime.handshake.major",
FT_UINT16, BASE_HEX,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_handshake_minor,
{ "minor", "sametime.handshake.minor",
FT_UINT16, BASE_HEX,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_handshake_srvrcalc_addr,
{ "srvr", "sametime.handshake.srvrcalc_addr",
FT_IPv4, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_handshake_loclcalc_addr,
{ "locl", "sametime.handshake.loclcalc_addr",
FT_IPv4, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
/*type channel*/
{ &hf_sametime_channel_service,
{ "service id", "sametime.channel.service",
FT_UINT32, BASE_DEC,
NULL, 0,
NULL, HFILL }
},
{ &hf_sametime_channel_id,
{ "channel id", "sametime.channel.id",
FT_UINT32, BASE_DEC,
NULL, 0,
NULL, HFILL }
},
{ &hf_sametime_channel_send_type,
{ "send type", "sametime.channel.send_type",
FT_UINT16, BASE_HEX,
VALS(sendtypenames), 0,
NULL, HFILL }
},
{ &hf_sametime_channel_awareness,
{ "awareness", "sametime.channel.awareness",
FT_UINT16, BASE_HEX,
VALS(awarenessnames), 0x0,
NULL, HFILL }
},
{ &hf_sametime_channel_magic,
{ "channel magic byte", "sametime.channel.magic",
FT_UINT8, BASE_HEX,
NULL, 0x0,
NULL, HFILL }
},
/*type user status*/
{ &hf_sametime_user_status,
{ "user status", "sametime.user_status_type",
FT_UINT16, BASE_HEX,
VALS(userstatusnames), 0x0,
NULL, HFILL }
},
/*type location*/
{ &hf_sametime_location_name,
{ "name", "sametime.location.name",
FT_STRING, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_location_city,
{ "city", "sametime.location.city",
FT_STRING, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_location_province,
{ "province", "sametime.location.province",
FT_STRING, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_location_postalcode,
{ "postal code", "sametime.location.postalcode",
FT_STRING, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_location_country,
{ "country", "sametime.location.country",
FT_STRING, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_location_phone,
{ "phone", "sametime.location.phone",
FT_STRING, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sametime_location_timezone,
{ "time zone", "sametime.location.timezone",
FT_STRING, BASE_NONE,
NULL, 0x0,
NULL, HFILL }
},
};
static gint *ett[] = {
&ett_sametime,
&ett_sametime_options
};
module_t *sametime_module;
proto_sametime = proto_register_protocol (
"Sametime Protocol", /* name */
"SAMETIME", /* short name */
"sametime" /* abbrev */
);
proto_register_field_array(proto_sametime, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
sametime_tap = register_tap("sametime");
/* Preference setting */
sametime_module = prefs_register_protocol(proto_sametime, NULL);
prefs_register_bool_preference(sametime_module, "show_length",
"Show length","Show length of text field",
&global_sametime_show_length);
prefs_register_bool_preference(sametime_module, "reassemble",
"Reassemble","reassemble packets",
&global_sametime_reassemble_packets);
}
/*
length of the sametime message
*/
static guint
get_sametime_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{ guint32 N = tvb_length_remaining(tvb, offset);
if (N < 4) { /*eg. heartbeat 0x80*/
return N;
} else {
return tvb_get_ntohl(tvb, offset) + 4;
}
}
/*
1) add length of a field to the tree - if corresponding preference is set to TRUE
2) add the string itself to the proto tree
*/
static int
add_text_item(tvbuff_t *tvb, proto_tree *tree, int offset, int hf) {
guint16 length = tvb_get_ntohs(tvb, offset);
if (length > tvb_length_remaining(tvb, offset + 2)) {
return 0;
}
if (global_sametime_show_length) {
proto_tree_add_item(tree, hf_sametime_field_length, tvb, offset, 2, FALSE);
}
if (length) {
proto_tree_add_string(tree, hf, tvb, offset + 2, length, tvb_get_string(tvb, offset + 2, length));
}
return (2 + length);
}
static int
dissect_handshake(tvbuff_t *tvb, proto_tree *tree, int offset) {
proto_tree_add_item(tree, hf_sametime_handshake_major, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(tree, hf_sametime_handshake_minor, tvb, offset, 2, FALSE);
offset += 2;
offset += 4;
proto_tree_add_item(tree, hf_sametime_handshake_srvrcalc_addr, tvb, offset, 4, FALSE);
offset += 4;
proto_tree_add_item(tree, hf_sametime_login_type, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(tree, hf_sametime_handshake_loclcalc_addr, tvb, offset, 4, FALSE);
offset += 4;
offset += 6;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
offset += 8;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
return offset;
}
static void
dissect_handshake_ack(tvbuff_t *tvb, proto_tree *tree, int offset) {
proto_tree_add_item(tree, hf_sametime_handshake_major, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(tree, hf_sametime_handshake_minor, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(tree, hf_sametime_handshake_loclcalc_addr, tvb, offset, 4, FALSE);
offset += 4;
// proto_tree_add_item(tree, hf_sametime_handshake_srvrcalc_addr, tvb, offset, 4, FALSE);
offset += 4;
offset += 4;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}
static void
dissect_login(tvbuff_t *tvb, proto_tree *tree, int offset) {
offset += 2;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}
static void
dissect_login_redirect(tvbuff_t *tvb, proto_tree *tree, int offset) {
offset += 2;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}
static void
dissect_login_ack(tvbuff_t *tvb, proto_tree *tree, int offset) {
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
proto_tree_add_item(tree, hf_sametime_login_type, tvb, offset, 2, FALSE);
offset += 2;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
offset += 3;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
proto_tree_add_item(tree, hf_sametime_handshake_loclcalc_addr, tvb, offset, 4, FALSE);
offset += 4;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
offset += 21;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}
static void
dissect_channel_create(tvbuff_t *tvb, proto_tree *tree, int offset) {
offset += 4;
proto_tree_add_item(tree, hf_sametime_channel_id, tvb, offset, 4, FALSE);
offset += 4;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
proto_tree_add_item(tree, hf_sametime_channel_service, tvb, offset, 4, FALSE);
offset += 4;
offset += 8;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}
static void
dissect_channel_send(tvbuff_t *tvb, proto_tree *tree, int offset) {
guint8 magic;
guint16 send_type, awareness, user_status;
send_type = tvb_get_ntohs(tvb, offset);
proto_item_append_text(tree, ", %s", val_to_str(send_type,sendtypenames, "0x%x"));
proto_tree_add_item(tree, hf_sametime_channel_send_type, tvb, offset, 2, FALSE);
offset += 2;
switch (send_type) {
case 0x0067:
case 0x0068:
offset += 8;
awareness = tvb_get_ntohs(tvb, offset);
proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%x"));
proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, FALSE);
offset += 2;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
break;
case 0x00c9:
if (offset + 24 <= tvb_length_remaining(tvb, offset + 2)) {
offset += 24;
offset += add_text_item(tvb, tree, offset, hf_sametime_location_country);
offset += add_text_item(tvb, tree, offset, hf_sametime_location_postalcode);
offset += add_text_item(tvb, tree, offset, hf_sametime_location_province);
offset += add_text_item(tvb, tree, offset, hf_sametime_location_city);
offset += add_text_item(tvb, tree, offset, hf_sametime_location_phone);
offset += 1;
offset += add_text_item(tvb, tree, offset, hf_sametime_location_name);
offset += add_text_item(tvb, tree, offset, hf_sametime_location_timezone);
}
break;
case 0x01f4:
offset += 12;
awareness = tvb_get_ntohs(tvb, offset);
proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%x"));
proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, FALSE);
offset += 2;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
break;
case 0x01f5:
offset += 8;
awareness = tvb_get_ntohs(tvb, offset);
proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%x"));
proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, FALSE);
offset += 2;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
offset += 4;
magic = tvb_get_guint8(tvb, offset);
proto_tree_add_item(tree, hf_sametime_channel_magic, tvb, offset, 1, FALSE);
offset += 1;
switch (magic) {
case 0x00:
offset += 2;
break;
case 0x01:
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
user_status = tvb_get_ntohs(tvb, offset);
proto_item_append_text(tree, ", %s", val_to_str(user_status, userstatusnames, "0x%x"));
proto_tree_add_item(tree, hf_sametime_user_status, tvb, offset, 2, FALSE);
offset += 2;
offset += 4;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
offset += 4;
break;
default:
break;
}
break;
case 0x0259:
offset += 8;
awareness = tvb_get_ntohs(tvb, offset);
proto_item_append_text(tree, ", %s", val_to_str(awareness, awarenessnames, "0x%x"));
proto_tree_add_item(tree, hf_sametime_channel_awareness, tvb, offset, 2, FALSE);
offset += 2;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
offset += 4;
if (offset + 24 <= tvb_length_remaining(tvb, offset + 2)) {
offset += 24;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
offset += 4;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
} else if (offset + 18 <= tvb_length_remaining(tvb, offset + 2)) {
offset += 18;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}
break;
default:
break;
}
}
static void
dissect_channel_accept(tvbuff_t *tvb, proto_tree *tree, int offset) {
if (offset + 54 <= tvb_length_remaining(tvb, offset + 2)) {
offset += 54;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}
}
static void
dissect_set_user_status(tvbuff_t *tvb, proto_tree *tree, int offset) {
guint16 user_status;
user_status = tvb_get_ntohs(tvb, offset);
proto_item_append_text(tree, ", %s", val_to_str(user_status, userstatusnames, "0x%x"));
proto_tree_add_item(tree, hf_sametime_user_status, tvb, offset, 2, FALSE);
offset += 2;
proto_tree_add_item(tree, hf_sametime_time, tvb, offset, 4, FALSE);
offset += 4;
offset += add_text_item(tvb, tree, offset, hf_sametime_field_text);
}
static void
dissect_sense_service(tvbuff_t *tvb, proto_tree *tree, int offset) {
guint32 code;
code = tvb_get_ntohl(tvb, offset);
proto_item_append_text(tree, ", %s", val_to_str(code, codenames, "0x%x"));
proto_tree_add_item(tree, hf_sametime_code, tvb, offset, 4, FALSE);
offset += 4;
}
/*
here we really dissect the message
*/
static void
dissect_sametime_content(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
static struct SametimeTap sinfo;
int offset = 0;
guint packet_length = tvb_length_remaining(tvb, offset);
if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SAMETIME");
}
if (check_col(pinfo->cinfo,COL_INFO)) {
col_clear(pinfo->cinfo,COL_INFO);
}
if (packet_length == 1 && tvb_get_guint8(tvb, 0) == 0x80) {
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_str(pinfo->cinfo, COL_INFO, "Heartbeat");
}
}
if (tree) {
proto_item *ti = NULL;
proto_tree *sametime_tree = NULL;
ti = proto_tree_add_item(tree, proto_sametime, tvb, offset, -1, FALSE);
sametime_tree = proto_item_add_subtree(ti, ett_sametime);
if (packet_length == 1) {
proto_tree_add_item(sametime_tree, hf_sametime_heartbeat, tvb, offset, 1, FALSE);
proto_item_append_text(sametime_tree, ", Heartbeat");
/*statistic*/
sinfo.message_type = 0x80;
} else {
proto_tree *options_tree;
proto_item *op;
guint16 message_type;
/*first 4 bytes gives the length of the sametime message*/
if (global_sametime_show_length) {
proto_tree_add_item(sametime_tree, hf_sametime_message_length, tvb, offset, 4, FALSE);
}
offset += 4;
/*this indicates the type of the sametime message*/
message_type = tvb_get_ntohs(tvb, offset);
/*statistic*/
sinfo.message_type = message_type;
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_str(pinfo->cinfo, COL_INFO, val_to_str(message_type, messagetypenames, "0x%x"));
}
proto_item_append_text(sametime_tree, ", %s",
val_to_str(message_type, messagetypenames, "0x%x"));
proto_tree_add_item(sametime_tree, hf_sametime_message_type, tvb, offset, 2, FALSE);
offset += 2;
/*add message options*/
op = proto_tree_add_item(sametime_tree, hf_sametime_message_options, tvb, offset, 2, FALSE);
options_tree = proto_item_add_subtree(op, ett_sametime_options);
proto_tree_add_item(options_tree, hf_sametime_message_options_attribute, tvb, offset, 2, FALSE);
proto_tree_add_item(options_tree, hf_sametime_message_options_encrypted, tvb, offset, 2, FALSE);
offset += 2;
/*add message channel*/
proto_tree_add_item(sametime_tree, hf_sametime_message_channel, tvb, offset, 4, FALSE);
offset += 4;
/*dive into specific message type*/
switch (message_type)
{
case 0x00: dissect_handshake(tvb, sametime_tree, offset);
break;
case 0x8000: dissect_handshake_ack(tvb, sametime_tree, offset);
break;
case 0x01: dissect_login(tvb, sametime_tree, offset);
break;
case 0x0018: dissect_login_redirect(tvb, sametime_tree, offset);
break;
case 0x8001: dissect_login_ack(tvb, sametime_tree, offset);
break;
case 0x02: dissect_channel_create(tvb, sametime_tree, offset);
break;
case 0x04: dissect_channel_send(tvb, sametime_tree, offset);
break;
case 0x06: dissect_channel_accept(tvb, sametime_tree, offset);
break;
case 0x09: dissect_set_user_status(tvb, sametime_tree, offset);
break;
case 0x11: dissect_sense_service(tvb, sametime_tree, offset);
break;
default:
break;
}
}
} /*if (tree)*/
tap_queue_packet(sametime_tap, pinfo, &sinfo);
}
/*
statistic : count packets wrt message type
*/
static int
sametime_stats_tree_packet(stats_tree* st, packet_info* pinfo, epan_dissect_t* edt, const void* p)
{
struct SametimeTap *pi = (struct SametimeTap *)p;
tick_stat_node(st, st_str_packets, 0, FALSE);
stats_tree_tick_pivot(st, st_node_message_type, val_to_str(pi->message_type, messagetypenames, "Unknown (0x%x)"));
return 1;
}
/*
init statistic
*/
static void
sametime_stats_tree_init(stats_tree* st)
{
st_node_packets = stats_tree_create_node(st, st_str_packets, 0, TRUE);
st_node_message_type = stats_tree_create_pivot(st, st_str_message_types, st_node_packets);
}
/*
the dissector itself
*/
static void
dissect_sametime(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
tcp_dissect_pdus(tvb, pinfo, tree, global_sametime_reassemble_packets, 0,
get_sametime_message_len, dissect_sametime_content);
}
/*
create / register
*/
void
proto_reg_handoff_sametime(void)
{
sametime_handle = create_dissector_handle(dissect_sametime, proto_sametime);
dissector_add("tcp.port", global_sametime_port, sametime_handle);
stats_tree_register("sametime","sametime","Sametime/Packet Counter",
sametime_stats_tree_packet, sametime_stats_tree_init, NULL );
}
- Follow-Ups:
- Re: [Wireshark-users] comments/rants wrt my (very first) dissector
- From: Jaap Keuter
- Re: [Wireshark-users] comments/rants wrt my (very first) dissector
- Prev by Date: Re: [Wireshark-users] Counting Missed or resent Packets
- Next by Date: [Wireshark-users] Organization Event TLV
- Previous by thread: [Wireshark-users] Variable decoding depth
- Next by thread: Re: [Wireshark-users] comments/rants wrt my (very first) dissector
- Index(es):