Wireshark-dev: Re: [Wireshark-dev] removed functions fast way to find substitutes?
From: Semjon <semgo@xxxxxx>
Date: Sat, 22 Nov 2014 02:11:17 +0100
Am 21.11.2014 um 23:24 schrieb Pascal Quantin: > > > 2014-11-21 17:34 GMT+01:00 Semjon <semgo-S0/GAf8tV78@xxxxxxxxxxxxxxxx > <mailto:semgo-S0/GAf8tV78@xxxxxxxxxxxxxxxx>>: > > > > Am 21.11.2014 um 15:42 schrieb Bill Meier: > > On 11/21/2014 9:29 AM, Pascal Quantin wrote: > >> > >> > >> 2014-11-21 14:06 GMT+01:00 Semjon > <semgo-S0/GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx > <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx> > >> <mailto:semgo-S0 > <mailto:semgo-S0>/GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx > <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx>>>: > >> > >> > >> > >> > >> Am 21.11.2014 um 10:06 schrieb Guy Harris: > >> > > >> > On Nov 21, 2014, at 12:48 AM, Semjon > >> <semgo-S0/GAf8tV78-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx > <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx> > >> > <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx > <mailto:GAf8tV78-XMD5yJDbdMReXY1tMh2IBg-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx>>> > wrote: > >> > > >> >> One of my current problems is with > >> >> > >> >> tvb_get_faked_unicode(...) > >> >> > >> >> which isn't available anymore. > >> >> In my Protocol I have some Ascii-encoded String but which > comes > >> as two > >> >> bytes per character. Example: > >> >> {0x0031, 0x0032, 0x0033, 0x0034, 0x0000} in tvb should > display in > >> >> GUI/Tree/PacketList as "1234" > >> > > >> > If that's truly ASCII-encoded, that would be a significant > waste > >> of bytes - you could just use one byte per character for > ASCII; if > >> the second byte is always zero, that byte serves no useful > purpose. > >> > > >> > So I'll assume it's a *superset* of ASCII, and that you mean > >> either "UTF-16 encoded string" or "UCS-2 encoded string" > rather than > >> "ASCII-encoded string which comes as two bytes per character". > >> > > >> > So: > >> > > >> >> I used to call: > >> >> > >> >> tvb_get_faked_unicode(NULL,tvb, 20, > >> ((tvb_length(tvb)-20)/2),ENC_BIG_ENDIAN) > >> >> > >> >> and display result as %s in col_append_fstr() or as > FT_STRING in > >> >> proto_tree_add_string(). > >> >> > >> >> So could anyone give me a hint, is there a function still > >> available for > >> >> this type of encoding > >> > > >> > tvb_get_string_enc(tvb, {offset}, {length of string}, > >> ENC_UTF_16|ENC_BIG_ENDIAN) > >> > > >> > or > >> > > >> > tvb_get_string_enc(tvb, {offset}, {length of string}, > >> ENC_UCS_2|ENC_BIG_ENDIAN) > >> > > >> > depending on whether it's UTF-16 (with surrogate pairs to > handle > >> Unicode characters that don't fit in 16 bits) or UCS-2 > (supporting > >> only characters in the Unicode Basic Multilingual Plane, without > >> surrogate pairs). > >> > > >> > Note that tvb_get_string_enc() returns a UTF-8-encoded string; > >> octet sequences that can't be mapped to UTF-8 strings will be > >> replaced by the Unicode "replacement character". > >> > > >> >> In general is there a fast/convenient way - other than > manually > >> looking > >> >> through the sources after functions that might do what i > want - > >> to check > >> >> if this function X is now replaced by function Y. > >> > > >> > No. You could check doc/README.developer, etc. to see if > >> anything is mentioned. > >> > > >> >> Other examples I need to replace are: > >> >> abs_time_to_ep_str() > >> > > >> > abs_time_to_str({wmem scope}, ...) > >> > > >> > The old "ephemeral" and "session" memory mechanisms are > >> deprecated in favor of the new wmem mechanisms. The scope that's > >> equivalent to "ephemeral" scope is, I think, packet scope (right, > >> Evan?), so you'd want > >> > > >> > abs_time_to_str(wmem_packet_scope(), ...) > >> > > >> >> nstime_delta() > >> > > >> > Its replacement is called nstime_delta() and has the exact > same > >> arguments. :-) > >> > > >> > However, you need to include <wsutil/nstime.h> to get it > declared. > >> > > >> > >> Well thanks a lot everybody for helping. I could resolve almost > >> all of > >> my Problems with Your help. In fact the "ASCII encoded > >> 2-byte-string" is > >> a Unicode String shame on me :-) > >> > >> Unfortunately no luck with nstime_delta(). > >> > >> I already had included <wsutil/nstime.h> > >> > >> My call looks like this: > >> > >> proto_item *it; > >> nstime_t ns; > >> > >> it=proto_tree_add_uint(xyz_tree, hf_xyz_response_to, > tvb, > >> 0, 0, > >> xyz_trans->req_frame); > >> PROTO_ITEM_SET_GENERATED(it); > >> > >> nstime_delta(&ns, &pinfo->fd->abs_ts, > &xyz_trans->req_time); > >> it=proto_tree_add_time(xyz_tree, hf_xyz_response_time, > >> tvb, 0, > >> 0, &ns); > >> PROTO_ITEM_SET_GENERATED(it); > >> > >> It always generates errors LNK2019/LNK1120 ... unresolved > external > >> symbol "__imp__nstime_delta" in function ... > >> > >> Hope You have an idea here. I'm not really good in finding the > >> necessary > >> functions/files to include in such a big project and my > search on the > >> www on this was not successful. > >> > >> > >> Hi, > >> > >> assuming that your proprietary dissector is a plugin, ensure that > your > >> makefile indicates the path to libwsutil. I guess you are on > Windows, so > >> your Makefile.nmake file should contain: > >> > >> !IFDEF ENABLE_LIBWIRESHARK > >> LINK_PLUGIN_WITH= ..\..\wsutil\libwsutil.lib > >> CFLAGS=$(CFLAGS) > >> > >> > > > > > > See plugins\ethercat for a dissector which uses nstime_delta() [in > > packet-esl.c]. > > > > Also: proto.h (#included by packet.h) #includes nstime.h so you > need not > > explicitly include same. > > > > > > > > > ___________________________________________________________________________ > > Sent via: Wireshark-dev mailing list > > > <wireshark-dev-IZ8446WsY0/dtAWm4Da02A-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx > <mailto:dtAWm4Da02A@xxxxxxxxxxxxxxxx>> > > Archives: http://www.wireshark.org/lists/wireshark-dev > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > > > > mailto:wireshark-dev-request-IZ8446WsY0 > <mailto:wireshark-dev-request-IZ8446WsY0>/dtAWm4Da02A-XMD5yJDbdMReXY1tMh2IBg@xxxxxxxxxxxxxxxx?subject=unsubscribe > <http://dtAWm4Da02A-XMD5yJDbdMToUJ55TTLPZA@xxxxxxxxxxxxxxxxxxxx?subject=unsubscribe> > > > > > > This is what I have in my Makefile.nmake, all automatic generated: > > CFLAGS=/WX /DHAVE_CONFIG_H /I../.. $(GLIB_CFLAGS) \ > /I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS) > > !IFDEF ENABLE_LIBWIRESHARK > LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib > CFLAGS=/D_NEED_VAR_IMPORT_ $(CFLAGS) > > if I change it to what You suggested Pascal it throws loads of the > LNK2010/LNK1120 errors so I'd rather stick with one of these errors and > change it back :-) > > I'm running windows 7 pro 64 with MSVC2010EE and building the dissector > as a dll-plugin win32 variant which worked fine until some wireshark > source version. > Yesterday I started using Wireshark 1.99.1 which itself without the > plugin compiled without problems. > Unfortunately I can't remember when nstime_delta startet making problems > in my plugin as I didn't need it this bad so I just commented it out for > later. > I think it startet with the 1.11.x sources... > > You're right Bill even packet-tcp uses nstime_delta without including > nstime.h explicitly. I compared ethercat to my dissector. Only > difference I see is that Ethercat includes glib.h in packet-esl.c where > nstime_delta is called. I don't include glib.h but it doesn't make a > difference if I do I tried it. > > If there's some additional Info I could provide just tell me as I have > no clue where to look at the moment :-( > > > Edit Makefile.nmake and replace: > LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib > by > LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib ..\..\wsutil\libwsutil.lib > > Pascal. > > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev-IZ8446WsY0/dtAWm4Da02A@xxxxxxxxxxxxxxxx> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-request-IZ8446WsY0/dtAWm4Da02A@xxxxxxxxxxxxxxxx?subject=unsubscribe > And this is the solution. Thank You very much! Best Regards Semgo
- References:
- [Wireshark-dev] removed functions fast way to find substitutes?
- From: Semjon
- Re: [Wireshark-dev] removed functions fast way to find substitutes?
- From: Guy Harris
- Re: [Wireshark-dev] removed functions fast way to find substitutes?
- From: Semjon
- Re: [Wireshark-dev] removed functions fast way to find substitutes?
- From: Pascal Quantin
- Re: [Wireshark-dev] removed functions fast way to find substitutes?
- From: Bill Meier
- Re: [Wireshark-dev] removed functions fast way to find substitutes?
- From: Semjon
- Re: [Wireshark-dev] removed functions fast way to find substitutes?
- From: Pascal Quantin
- [Wireshark-dev] removed functions fast way to find substitutes?
- Prev by Date: Re: [Wireshark-dev] removed functions fast way to find substitutes?
- Next by Date: [Wireshark-dev] TCP window size, how to analyze?
- Previous by thread: Re: [Wireshark-dev] removed functions fast way to find substitutes?
- Next by thread: Re: [Wireshark-dev] removed functions fast way to find substitutes?
- Index(es):