Wireshark-dev: [Wireshark-dev] btsdb dissector improvement, how?
From: Adam Mikuta <adammikuta@xxxxxxxxx>
Date: Fri, 26 Mar 2010 12:17:57 +0100
Hi!

I am trying to make some improvements to the btsdp dissector, but I'm not sure how to do it in the correct way. For example, we have a Service Discovery Protocol packet:

    01 Bluetooth SDP: SDP_ServiceSearchAttributeResponse (0x7)
    02   PDU: SDP_ServiceSearchAttributeResponse (0x07)
    [...]
    06   AttributeLists
    07     AttributeList
    08       Service Attribute: id = ServiceRecordHandle (0x0), value = 65547
    09         Attribute ID: ServiceRecordHandle (0x0)
    10         Attribute Value
    11           unsigned int 65547
    12       Service Attribute: id = ServiceClassIDList (0x1), value = { UUID:OBEXObjectPush (0x1105) }
    13         Attribute ID: ServiceClassIDList (0x1)
    14         Attribute Value
    15           Data Element sequence
    16             OBEXObjectPush(0x1105)
    [...]
    22       Service Attribute: id = ProtocolDescriptorList (0x4), value = { { UUID:L2CAP (0x0100) } , { UUID:RFCOMM (0x0003) , 6 } , { UUID:OBEX (0x0008) } }
    23         Attribute ID: ProtocolDescriptorList (0x4)
    24         Attribute Value
    25           Data Element sequence
    26             Data Element sequence
    27               L2CAP(0x0100)
    28             Data Element sequence
    29               RFCOMM(0x0003)
    30               unsigned int 6
    31             Data Element sequence
    32               OBEX(0x0008)
    [...]

In line 30 we have an unrecognized value described as unsigned int. If we have a data element sequence whose first field is RFCOMM, the next one defines the channel number for RFCOMM. I tried to implement it (and also some other unrecognized fields).

In packet-btsdp.c, in dissect_sdp_type, we set the description for it as "unsigned int". I didn't discover an easy way to check the context of this field, so I did it quick and dirty:

    /* 0x19 0x00 0x03: first child is a 16-bit UUID element holding RFCOMM (0x0003) */
    if (0x19 == tvb_get_guint8(t->first_child->finfo->ds_tvb,
                               t->first_child->finfo->start) &&
        0x00 == tvb_get_guint8(t->first_child->finfo->ds_tvb,
                               t->first_child->finfo->start + 1) &&
        0x03 == tvb_get_guint8(t->first_child->finfo->ds_tvb,
                               t->first_child->finfo->start + 2))
        proto_tree_add_text(t, tvb, start_offset, type_size,
                            "Channel number %d ", val);

But it looks horrible.

And sometimes, when we want to recognize a field, we need to get the parent of the actual parent of our item, check some bytes there, and then we can know that we are recognizing, for example, supported formats for OBEX Object Push...

And the question is how to do it nicely...

Best regards,
Adam
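An added example, not part of the original post and not Wireshark code: a standalone C sketch of passing the context down while walking the SDP data elements, so the integer that follows an RFCOMM UUID is identified without looking back up the tree, and with every length checked against the buffer because the bytes come from the remote device. The names sdp_header, sdp_rfcomm_channel, MAX_DEPTH and sample_pdl are hypothetical, and the sample bytes are constructed from the ProtocolDescriptorList value shown in the post.

```c
#include <stddef.h>
#include <stdint.h>
#define UUID_RFCOMM 0x0003
#define MAX_DEPTH   8   /* assumed nesting limit for untrusted input */

/* Constructed sample: the ProtocolDescriptorList value from the post,
 * { {L2CAP}, {RFCOMM, 6}, {OBEX} }, encoded as SDP data elements. */
static const uint8_t sample_pdl[] = {
    0x35,0x11, 0x35,0x03,0x19,0x01,0x00, 0x35,0x05,0x19,0x00,0x03,0x08,0x06,
    0x35,0x03,0x19,0x00,0x08 };

/* Decode the header at buf[*off]: returns the type descriptor and sets
 * *dlen, or -1 if the header or its payload runs past len. */
static int sdp_header(const uint8_t *buf, size_t len, size_t *off, size_t *dlen)
{
    static const size_t fixed[5] = { 1, 2, 4, 8, 16 };
    if (*off >= len) return -1;
    int type = buf[*off] >> 3, idx = buf[(*off)++] & 7;
    if (idx < 5) {
        *dlen = (type == 0) ? 0 : fixed[idx];   /* nil has no payload */
    } else {
        size_t n = (size_t)1 << (idx - 5);      /* 1, 2 or 4 length bytes */
        if (len - *off < n) return -1;
        for (*dlen = 0; n > 0; n--) *dlen = (*dlen << 8) | buf[(*off)++];
    }
    return (*dlen <= len - *off) ? type : -1;
}

/* Walk one sequence body. Returns the RFCOMM channel, -1 if none, -2 if
 * malformed. proto is the context: the UUID16 that opened this sequence. */
int sdp_rfcomm_channel(const uint8_t *buf, size_t len, int depth)
{
    size_t off = 0, dlen = 0;
    int proto = -1, pos = 0;
    if (depth > MAX_DEPTH) return -2;
    for (; off < len; off += dlen, pos++) {
        int type = sdp_header(buf, len, &off, &dlen);
        const uint8_t *d = buf + off;
        if (type < 0) return -2;
        if (type == 3 && dlen == 2 && pos == 0) {
            proto = (d[0] << 8) | d[1];         /* remember the protocol UUID */
        } else if (type == 1 && dlen == 1 && pos == 1 && proto == UUID_RFCOMM) {
            return d[0];                        /* "Channel number" */
        } else if (type == 6 || type == 7) {    /* sequence / alternative */
            int r = sdp_rfcomm_channel(d, dlen, depth + 1);
            if (r != -1) return r;
        }
    }
    return -1;
}
```

Calling sdp_rfcomm_channel(sample_pdl, sizeof sample_pdl, 0) returns 6, the value shown in line 30 of the dissection above.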