Wireshark · Ethereal-dev: [Ethereal-dev] snmp patch: adding filter

Ethereal-dev: [Ethereal-dev] snmp patch: adding filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Thierry Andry <Thierry.Andry@xxxxxxxxxxx>

Date: Fri, 18 Apr 2003 20:35:20 +0200

Hello All,

Here's a patch for the snmp dissector.

What has changed ? I just added filter for the different fields so thatyou can filter like snmp.version == 1, snmp.enterprise == 1.5.3...

I tried to compile it under Cygwin against lastest version available oncvs but failed to:Finally I found that config.h didn't included all the -DHAVE... flags.Don't know yet what went wrong (will search later)



Here's the patch.

Cheers,
Thierry

Index: packet-snmp.c
===================================================================
RCS file: /cvsroot/ethereal/packet-snmp.c,v
retrieving revision 1.104
diff -u -r1.104 packet-snmp.c
--- packet-snmp.c	2 Mar 2003 21:52:21 -0000	1.104
+++ packet-snmp.c	18 Apr 2003 18:32:03 -0000
@@ -124,6 +124,14 @@
 static gint ett_flags = -1;
 static gint ett_secur = -1;
 
+static int hf_snmp_version = -1;
+static int hf_snmp_community = -1;
+static int hf_snmp_pdutype = -1;
+static int hf_snmp_agent = -1;
+static int hf_snmp_enterprise = -1;
+static int hf_snmp_traptype = -1;
+static int hf_snmp_spectraptype = -1;
+static int hf_snmp_timestamp = -1;
 static int hf_snmpv3_flags = -1;
 static int hf_snmpv3_flags_auth = -1;
 static int hf_snmpv3_flags_crypt = -1;
@@ -939,6 +947,8 @@
 	subid_t *enterprise;
 	guint enterprise_length;
 
+	guint32 agent_ipaddr;
+
 	guint8 *agent_address;
 	guint agent_address_length;
 
@@ -967,8 +977,9 @@
 		col_add_str(pinfo->cinfo, COL_INFO, pdu_type_string);
 	length = asn1.offset - start;
 	if (tree) {
-		proto_tree_add_text(tree, tvb, offset, length,
-		    "PDU type: %s", pdu_type_string);
+		/* proto_tree_add_text(tree, tvb, offset, length,
+		    "PDU type: %s", pdu_type_string); */
+		proto_tree_add_uint(tree,hf_snmp_pdutype,tvb,offset,length,pdu_type);
 	}
 	offset += length;
 
@@ -1050,8 +1061,10 @@
 		}
 		if (tree) {
 			oid_string = format_oid(enterprise, enterprise_length);
-			proto_tree_add_text(tree, tvb, offset, length,
-			    "Enterprise: %s", oid_string);
+			/* proto_tree_add_text(tree, tvb, offset, length,
+			    "Enterprise: %s", oid_string); */
+			proto_tree_add_string(tree,hf_snmp_enterprise, tvb, offset,
+				length, SAFE_STRING(oid_string));
 			g_free(oid_string);
 		}
 		g_free(enterprise);
@@ -1094,10 +1107,12 @@
 				    "Agent address: <length is %u, not 4>",
 				    agent_address_length);
 			} else {
-				proto_tree_add_text(tree, tvb, offset,
+				/* proto_tree_add_text(tree, tvb, offset,
 				    length,
 				    "Agent address: %s",
-				    ip_to_str(agent_address));
+				    ip_to_str(agent_address)); */
+				memcpy((guint8*)&agent_ipaddr, agent_address, agent_address_length);
+				proto_tree_add_ipv4(tree, hf_snmp_agent, tvb, offset, length, agent_ipaddr);
 			}
 		}
 		g_free(agent_address);
@@ -1111,9 +1126,10 @@
 			return;
 		}
 		if (tree) {
-			proto_tree_add_text(tree, tvb, offset, length,
-			    "Trap type: %s",
-			    val_to_str(trap_type, trap_types, "Unknown (%u)"));
+			/* proto_tree_add_text(tree, tvb, offset, length,
+				"Trap type: %s",
+				val_to_str(trap_type, trap_types, "Unknown (%u)")); */
+			proto_tree_add_uint(tree, hf_snmp_traptype, tvb, offset, length, trap_type);
 		}
 		offset += length;
 
@@ -1125,9 +1141,10 @@
 			return;
 		}
 		if (tree) {
-			proto_tree_add_text(tree, tvb, offset, length,
-			    "Specific trap type: %u (%#x)",
-			    specific_type, specific_type);
+			/* proto_tree_add_text(tree, tvb, offset, length,
+				"Specific trap type: %u (%#x)",
+				specific_type, specific_type); */
+			proto_tree_add_uint(tree, hf_snmp_spectraptype, tvb, offset, length, specific_type);
 		}
 		offset += length;
 
@@ -1155,8 +1172,9 @@
 		}
 		length = asn1.offset - start;
 		if (tree) {
-			proto_tree_add_text(tree, tvb, offset, length,
-			    "Timestamp: %u", timestamp);
+			/* proto_tree_add_text(tree, tvb, offset, length,
+			    "Timestamp: %u", timestamp); */
+			proto_tree_add_uint(tree, hf_snmp_timestamp, tvb, offset, length, timestamp);
 		}
 		offset += length;
 		break;
@@ -1369,6 +1387,7 @@
 	guint32 enginetime;
 
 	guchar *msgflags;
+	guchar *commustr;
 	guchar *community;
 	guchar *secparm;
 	guchar *cengineid;
@@ -1429,9 +1448,10 @@
 		return;
 	}
 	if (snmp_tree) {
-		proto_tree_add_text(snmp_tree, tvb, offset, length,
+		/* proto_tree_add_text(snmp_tree, tvb, offset, length,
 		    "Version: %s",
-		    val_to_str(version, versions, "Unknown version %#x"));
+		    val_to_str(version, versions, "Unknown version %#x")); */
+		proto_tree_add_uint(snmp_tree,hf_snmp_version, tvb, 0, 1, version);
 	}
 	offset += length;
 
@@ -1447,9 +1467,21 @@
 			return;
 		}
 		if (tree) {
-			proto_tree_add_text(snmp_tree, tvb, offset, length,
+			commustr = g_malloc(community_length+1);
+			memcpy(commustr, community, community_length);
+			commustr[community_length] = '\0';
+
+			/* proto_tree_add_text(snmp_tree, tvb, offset, length,
 			    "Community: %.*s", community_length,
-			    SAFE_STRING(community));
+			    SAFE_STRING(community)); */
+			/* printf("Community(%s), CommuStr(%s), Com_len(%u), len(%u)\n",SAFE_STRING(community),SAFE_STRING(commustr),community_length,length); */
+			proto_tree_add_string(snmp_tree,hf_snmp_community, tvb, offset,
+				length, SAFE_STRING(commustr));
+			/* proto_tree_add_string_format(snmp_tree,hf_snmp_community, tvb, offset,
+				length, "Community: %.*s", community_length,
+				SAFE_STRING(community));
+				There's a prob with that code probably because the string is not \0 terminated */
+			g_free(commustr);
 		}
 		g_free(community);
 		offset += length;
@@ -2069,6 +2101,30 @@
 #endif
 
 	static hf_register_info hf[] = {
+		{ &hf_snmp_version,
+		{ "Version", "snmp.version", FT_UINT8, BASE_DEC, VALS(versions),
+		    0x0, "", HFILL }},
+		{ &hf_snmp_community,
+		{ "Community", "snmp.community", FT_STRING, BASE_NONE, NULL,
+		    0x0, "", HFILL }},
+		{ &hf_snmp_pdutype,
+		{ "PDU type", "snmp.pdutype", FT_UINT8, BASE_DEC, VALS(pdu_types),
+		    0x0, "", HFILL }},
+		{ &hf_snmp_agent,
+		{ "Agent address", "snmp.agent", FT_IPv4, BASE_NONE, NULL,
+		    0x0, "", HFILL }},
+		{ &hf_snmp_enterprise,
+		{ "Enterprise", "snmp.enterprise", FT_STRING, BASE_NONE, NULL,
+		    0x0, "", HFILL }},
+		{ &hf_snmp_traptype,
+		{ "Trap type", "snmp.traptype", FT_UINT8, BASE_DEC, VALS(trap_types),
+		    0x0, "", HFILL }},
+		{ &hf_snmp_spectraptype,
+		{ "Specific trap type", "snmp.spectraptype", FT_UINT8, BASE_DEC, NULL,
+		    0x0, "", HFILL }},
+		{ &hf_snmp_timestamp,
+		{ "Timestamp", "snmp.timestamp", FT_UINT8, BASE_DEC, NULL,
+		    0x0, "", HFILL }},
 		{ &hf_snmpv3_flags,
 		{ "SNMPv3 Flags", "snmpv3.flags", FT_UINT8, BASE_HEX, NULL,
 		    0x0, "", HFILL }},

Follow-Ups:
- Re: [Ethereal-dev] snmp patch: adding filter
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] network interface doesn't show up
Next by Date: RE: [Ethereal-dev] FW: ethereal on IBM mainframe running ZOS
Previous by thread: Re: [Ethereal-dev] network interface doesn't show up
Next by thread: Re: [Ethereal-dev] snmp patch: adding filter
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$