unaligned access for you, and will, on at least some platforms, cause
the program to be terminated.
-Wireshark supports platforms with GLib 2.4[.x]/GTK+ 2.4[.x] or newer.
-If a Glib/GTK+ mechanism is available only in Glib/GTK+ versions
-newer than 2.4/2.4 then use "#if GTK_CHECK_VERSION(...)" to conditionally
-compile code using that mechanism.
+Wireshark supports platforms with GLib 2.14[.x]/GTK+ 2.12[.x] or newer.
+If a Glib/GTK+ mechanism is available only in Glib/GTK+ versions newer
+than 2.14/2.12 then use "#if GLIB_CHECK_VERSION(...)" or "#if
+GTK_CHECK_VERSION(...)" to conditionally compile code using that
+mechanism.
When different code must be used on UN*X and Win32, use a #if or #ifdef
that tests _WIN32, not WIN32. Try to write code portably whenever
you're using non-mod-8 tabs. The tabs-vs-spaces document above provides
examples of Emacs and vi modelines for this purpose.
+Please do not leave trailing whitespace (spaces/tabs) on lines.
+
When editing an existing file, try following the existing indentation
logic and even if it very tempting, never ever use a restyler/reindenter
utility on an existing file. If you run across wildly varying
should be changed to include that file.
You may not need to include all the headers listed in the skeleton
-below, and you may need to include additional headers. For example, the
-code inside
-
- #ifdef HAVE_LIBPCRE
-
- ...
-
- #endif
-
-is needed only if you are using a function from libpcre, e.g. the
-"pcre_compile()" function.
+below, and you may need to include additional headers.
The stdio.h, stdlib.h and string.h header files should be included only as needed.
FIELDTYPE FT_NONE, FT_BOOLEAN, FT_UINT8, FT_UINT16, FT_UINT24,
FT_UINT32, FT_UINT64, FT_INT8, FT_INT16, FT_INT24, FT_INT32,
FT_INT64, FT_FLOAT, FT_DOUBLE, FT_ABSOLUTE_TIME,
- FT_RELATIVE_TIME, FT_STRING, FT_STRINGZ, FT_EBCDIC,
+ FT_RELATIVE_TIME, FT_STRING, FT_STRINGZ, FT_EBCDIC, FT_EUI64
FT_UINT_STRING, FT_ETHER, FT_BYTES, FT_UINT_BYTES, FT_IPv4,
FT_IPv6, FT_IPXNET, FT_FRAMENUM, FT_PROTOCOL, FT_GUID, FT_OID
FIELDDISPLAY For FT_UINT{8,16,24,32,64} and FT_INT{8,16,24,32,64):
FT_INT64 A 64-bit signed integer.
FT_FLOAT A single-precision floating point number.
FT_DOUBLE A double-precision floating point number.
- FT_ABSOLUTE_TIME Seconds (4 bytes) and nanoseconds (4 bytes)
- of time since January 1, 1970, midnight
- UTC, displayed as the date, followed by
- the time, as hours, minutes, and seconds
- with 9 digits after the decimal point.
+ FT_ABSOLUTE_TIME An absolute time from some fixed point in time,
+ displayed as the date, followed by the time, as
+ hours, minutes, and seconds with 9 digits after
+ the decimal point.
+
+ Two absolute time encodings may be specified
+ with proto_tree_add_item():
+
+ ENC_TIME_TIMESPEC: Seconds (4 bytes) and
+ nanoseconds (4 bytes) of time since January 1,
+ 1970, midnight UTC.
+
+ ENC_TIME_NTP: NTP timestamps are represented as
+ a 64-bit unsigned fixed-point number, in seconds
+ relative to 0h on 1 January 1900. The integer
+ part is in the first 32 bits and the fraction
+ part in the last 32 bits.
+
+ The encoding must be logically ORed with
+ ENC_BIG_ENDIAN or ENC_LITTLE_ENDIAN as
+ appropriate.
FT_RELATIVE_TIME Seconds (4 bytes) and nanoseconds (4 bytes)
of time relative to an arbitrary time.
displayed as seconds and 9 digits
types, are to be used for text strings,
not raw binary data.
FT_STRINGZ A NUL-terminated string of characters.
+ The string length is normally the length
+ given in the proto_tree_add_item() call.
+ However if the length given in the call
+ is -1, then the length used is that
+ returned by calling tvb_strsize().
FT_EBCDIC A string of characters, not necessarily
NUL-terminated, but possibly NUL-padded.
The data from the packet is converted from
address.
FT_GUID A Globally Unique Identifier
FT_OID An ASN.1 Object Identifier
+ FT_EUI64 A EUI-64 Address
Some of these field types are still not handled in the display filter
routines, but the most common ones are. The FT_UINT* variables all
in your "register" routine, just as you register the protocol and the
fields for that protocol.
+The ett_ variables identify particular type of subtree so that if you expand
+one of them, Wireshark keeps track of that and, when you click on
+another packet, it automatically opens all subtrees of that type.
+If you close one of them, all subtrees of that type will be closed when
+you move to another packet.
+
There are several functions that the programmer can use to add either
protocol or field labels to the proto_tree:
proto_tree_add_oid_format(tree, id, tvb, start, length, value_ptr,
format, ...);
+ proto_item *
+ proto_tree_add_eui64(tree, id, tvb, start, length, value);
+
+ proto_item *
+ proto_tree_add_eui64_format(tree, id, tvb, start, length, value,
+ format, ...);
+
+ proto_item *
+ proto_tree_add_eui64_format_value(tree, id, tvb, start, length,
+ value, format, ...);
+
proto_item *
proto_tree_add_oid_format_value(tree, id, tvb, start, length,
value_ptr, format, ...);
byte order, for items for which that's relevant, is specified by the
'encoding' argument, which is ENC_LITTLE_ENDIAN if the value is
little-endian and ENC_BIG_ENDIAN if it is big-endian. If the byte order
-is not relevant, use ENC_NA (Not Applicable). In the future, other
-elements of the encoding, such as the character encoding for
-character strings, might be supported.
+is not relevant, use ENC_NA (Not Applicable). For some field types,
+additional encoding information, such as the character encoding for
+character strings, are supported.
Now that definitions of fields have detailed information about bitfield
fields, you can use proto_tree_add_item() with no extra processing to
proto_tree_add_int64()
proto_tree_add_guid()
proto_tree_add_oid()
+proto_tree_add_eui64()
------------------------
These routines are used to add items to the protocol tree if either:
For proto_tree_add_bytes(), the 'value_ptr' argument is a pointer to a
sequence of bytes.
+For proto_tree_add_bytes_format() and proto_tree_add_bytes_format_value(), the
+'value_ptr' argument is a pointer to a sequence of bytes or NULL if the bytes
+should be taken from the given TVB using the given offset and length.
+
For proto_tree_add_time(), the 'value_ptr' argument is a pointer to an
"nstime_t", which is a structure containing the time to be added; it has
'secs' and 'nsecs' members, giving the integral part and the fractional
For proto_tree_add_oid(), the 'value_ptr' argument is a pointer to an
ASN.1 Object Identifier.
+For proto_tree_add_eui64(), the 'value' argument is a 64-bit integer
+value
+
proto_tree_add_bytes_format()
proto_tree_add_time_format()
proto_tree_add_ipxnet_format()
proto_tree_add_int64_format()
proto_tree_add_guid_format()
proto_tree_add_oid_format()
+proto_tree_add_eui64_format()
----------------------------
These routines are used to add items to the protocol tree when the
dissector routine wants complete control over how the field and value
proto_tree_add_int64_format_value()
proto_tree_add_guid_format_value()
proto_tree_add_oid_format_value()
+proto_tree_add_eui64_format_value()
------------------------------------
These routines are used to add items to the protocol tree when the
See <http://www.wireshark.org/develop.html>
+
+1.10a Using git with the SVN source code tree.
+
+ Install git and the git-svn package.
+ Run "mkdir git; cd git; git svn clone <svn-url>", e.g. if you are using
+ the anonymous svn tree, run
+ "git svn clone http://anonsvn.wireshark.org/wireshark/trunk/"
+
+ After that, a typical workflow may look like this (from "man git-svn"):
+
+ # Clone a repo (like git clone):
+ git svn clone http://svn.example.com/project/trunk
+ # Enter the newly cloned directory:
+ cd trunk
+ # You should be on master branch, double-check with ´git branch´
+ git branch
+ # Do some work and commit locally to git:
+ git commit ...
+ # Something is committed to SVN, rebase your local changes against the
+ # latest changes in SVN:
+ git svn rebase
+ # Now commit your changes (that were committed previously using git) to SVN
+ # as well as automatically updating your working HEAD:
+ git svn dcommit
+ # Append svn:ignore settings to the default git exclude file:
+ git svn show-ignore >> .git/info/exclude
+
+
1.11 Submitting code for your new dissector.
- VERIFY that your dissector code does not use prohibited or deprecated APIs
"." between them, to construct a name that identifies
the field in the preference file; the name itself
should not include the protocol name, as the name in
- the preference file will already have it
+ the preference file will already have it. Make sure that
+ only lower-case ASCII letters, numbers, underscores and
+ dots appear in the preference name.
title - Field title in the preferences dialog
description - Comments added to the preference file above the
preference value and shown as tooltip in the GUI, or NULL
ptvcursor API.
proto_item*
-ptvcursor_add(ptvcursor_t* ptvc, int hf, gint length, gboolean endianness)
+ptvcursor_add(ptvcursor_t* ptvc, int hf, gint length, const guint encoding)
This will extract 'length' bytes from the tvbuff and place it in
the proto_tree as field 'hf', which is a registered header_field. The
pointer to the proto_item that is created is passed back to you. Internally,
the ptvcursor advances its cursor so the next call to ptvcursor_add
-starts where this call finished. The 'endianness' parameter matters for
-FT_UINT* and FT_INT* fields.
+starts where this call finished. The 'encoding' parameter is relevant for
+certain type of fields (See above under proto_tree_add_item()).
proto_item*
-ptvcursor_add_no_advance(ptvcursor_t* ptvc, int hf, gint length, gboolean endianness)
+ptvcursor_add_no_advance(ptvcursor_t* ptvc, int hf, gint length, const guint encoding)
Like ptvcursor_add, but does not advance the internal cursor.
void
proto_tree*
ptvcursor_add_with_subtree(ptvcursor_t* ptvc, int hfindex, gint length,
- gboolean little_endian, gint ett_subtree);
+ const guint encoding, gint ett_subtree);
Adds an item to the tree and creates a subtree.
If the length is unknown, length may be defined as SUBTREE_UNDEFINED_LENGTH.
In this case, at the next pop, the item length will be equal to the advancement
git.samba.org / obnox / wireshark / wip.git / blobdiff