Wireshark · Wireshark-users: [Wireshark-users] New dissector: variable length of a fields

Wireshark-users: [Wireshark-users] New dissector: variable length of a fields

From: Dmitrij K <kdiman@xxxxxxx>

Date: Sat, 15 Feb 2014 23:08:51 +0000

Hi all.

I have some protocol over TCP, header fot it is:

[CODE=C]
struct Header {
uint8_t magic1; // marker1
uint8_t flags;
uint16_t sz; // sizeof datas
uint16_t e_flags; // extended flags
uint8_t magic2; // marker2
// array of bytes
// uint8_t magic3;
};
[/CODE]

// after the header follows datas (with length sz field), + magic3 byte


But after compile and applying decode to traffic, I get error,
if length of datas equal 0.

What I do wrong ?


I did:

[CODE=C]
static hf_register_info hf[] = {
        { &hf_hdr_magic1,
            { "Field magic1", "myproto.hdr.magic1",
            FT_UINT8, BASE_HEX,
            NULL, 0x0,
            "marker1 of packet", HFILL }
        },
        { &hf_hdr_flags,
            { "Field flags", "myproto.hdr.flags",
            FT_UINT8, BASE_HEX,
            NULL, 0x0,
            "flags", HFILL }
        },
        { &hf_hdr_sz,
            { "Field sz", "myproto.hdr.sz",
            FT_UINT16, BASE_DEC,
           NULL , 0x0,
            "size of datas", HFILL }
        },
        { &hf_hdr_e_flags,
            { "Field e_flags", "myproto.hdr.e_flags",
            FT_UINT16, BASE_HEX,
           NULL , 0x0,
            "extended flags", HFILL }
        },
        { &hf_hdr_magic2,
            { "Field magic2", "myproto.hdr.magic2",
            FT_UINT8, BASE_HEX,
            NULL, 0x0,
            "marker2 of packet", HFILL }
        },
        { &hf_hdr_datas,
            { "Binary datas range from 0-*", "myproto.hdr.datas",
            FT_BYTES, BASE_NONE,
            NULL , 0x0,
            "datas", HFILL }
        },
        { &hf_hdr_magic3,
            { "Field magic3", "myproto.hdr.magic3",
            FT_UINT8, BASE_HEX,
            NULL, 0x0,
            "marker3 of packet", HFILL }
        }
};


if (tree) {
     guint16 ldata = 0;
     gint offset = 0;
     proto_item *ti = NULL;
     proto_tree *my_tree = NULL;
     
     ti = proto_tree_add_item(tree, my_proto, tvb, 0, -1, FALSE);
     my_tree = proto_item_add_subtree(ti, my_ett);
     
     proto_tree_add_item(my_tree, hf_hdr_magic1, tvb, offset, 1, FALSE); offset += 1;
     proto_tree_add_item(my_tree, hf_hdr_flags, tvb, offset, 1, FALSE); offset += 1;

     ldata = tvb_get_ntohs(tvb, offset);
     proto_tree_add_item(my_tree, hf_hdr_sz, tvb, offset, 2, FALSE); offset += 2;
     proto_tree_add_item(my_tree, hf_hdr_e_flags, tvb, offset, 2, FALSE); offset += 2;
     proto_tree_add_item(my_tree, hf_hdr_magic2, tvb, offset, 1, FALSE); offset += 1;
     
     proto_tree_add_item(my_tree, hf_hdr_data, tvb, offset, ldata, FALSE); offset += ldata;
     
     proto_tree_add_item(my_tree, hf_hdr_magic3, tvb, offset, -1, FALSE); offset += 1;
     
}
[/CODE]

--
regards

Follow-Ups:
- Re: [Wireshark-users] New dissector: variable length of a fields
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] question about nas-eps cipher message
Next by Date: Re: [Wireshark-users] New dissector: variable length of a fields
Previous by thread: Re: [Wireshark-users] Double frame
Next by thread: Re: [Wireshark-users] New dissector: variable length of a fields
Index(es):
- Date
- Thread