11644473600ULL
Don't assume that you can scan through a va_list initialized by va_start
-more than once without closing it with va_end and re-initalizing it with
+more than once without closing it with va_end and re-initializing it with
va_start. This applies even if you're not scanning through it yourself,
but are calling a routine that scans through it, such as vfprintf() or
one of the routines in Wireshark that takes a format and a va_list as an
should be changed to include that file.
You may not need to include all the headers listed in the skeleton
-below, and you may need to include additional headers. For example, the
-code inside
-
- #ifdef HAVE_LIBPCRE
-
- ...
-
- #endif
-
-is needed only if you are using a function from libpcre, e.g. the
-"pcre_compile()" function.
+below, and you may need to include additional headers.
The stdio.h, stdlib.h and string.h header files should be included only as needed.
Use this function instead of prefs_register_protocol if you want to group
preferences of several protocols under one preferences subtree.
Argument subtree identifies grouping tree node name, several subnodes can be
- specified usign slash '/' (e.g. "OSI/X.500" - protocol preferences will be
+ specified using slash '/' (e.g. "OSI/X.500" - protocol preferences will be
accessible under Protocols->OSI->X.500-><PROTOSHORTNAME> preferences node.
*/
PROTOABBREV_module = prefs_register_protocol_subtree(const char *subtree,
#endif
+/*
+ * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 4
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=4 tabstop=8 expandtab:
+ * :indentSize=4:tabSize=8:noTabs=true:
+ */
+
+
------------------------------------Cut here------------------------------------
1.3 Explanation of needed substitutions in code skeleton.
FIELDTYPE FT_NONE, FT_BOOLEAN, FT_UINT8, FT_UINT16, FT_UINT24,
FT_UINT32, FT_UINT64, FT_INT8, FT_INT16, FT_INT24, FT_INT32,
FT_INT64, FT_FLOAT, FT_DOUBLE, FT_ABSOLUTE_TIME,
- FT_RELATIVE_TIME, FT_STRING, FT_STRINGZ, FT_EBCDIC, FT_EUI64
+ FT_RELATIVE_TIME, FT_STRING, FT_STRINGZ, FT_EUI64,
FT_UINT_STRING, FT_ETHER, FT_BYTES, FT_UINT_BYTES, FT_IPv4,
FT_IPv6, FT_IPXNET, FT_FRAMENUM, FT_PROTOCOL, FT_GUID, FT_OID
FIELDDISPLAY For FT_UINT{8,16,24,32,64} and FT_INT{8,16,24,32,64):
guint8 tvb_get_guint8(tvbuff_t*, gint offset);
Network-to-host-order accessors for 16-bit integers (guint16), 24-bit
-integers, 32-bit integers (guint32), and 64-bit integers (guint64):
+integers, 32-bit integers (guint32), 40-bit integers, 48-bit integers,
+56-bit integers and 64-bit integers (guint64):
guint16 tvb_get_ntohs(tvbuff_t*, gint offset);
guint32 tvb_get_ntoh24(tvbuff_t*, gint offset);
gdouble tvb_get_ntohieee_double(tvbuff_t*, gint offset);
Little-Endian-to-host-order accessors for 16-bit integers (guint16),
-24-bit integers, 32-bit integers (guint32), and 64-bit integers
-(guint64):
+24-bit integers, 32-bit integers (guint32), 40-bit integers, 48-bit
+integers, 56-bit integers, and 64-bit integers (guint64):
guint16 tvb_get_letohs(tvbuff_t*, gint offset);
guint32 tvb_get_letoh24(tvbuff_t*, gint offset);
"tvb_get_letohl()" instead, as "tvb_get_letohl()" will give the wrong
answer on big-endian machines.
+gchar *tvb_ip_to_str(tvbuff_t *tvb, const gint offset)
+gchar *tvb_ip6_to_str(tvbuff_t *tvb, const gint offset)
+
+Returns a null-terminated buffer containing a string with IPv4 or IPv6 Address
+from the specified tvbuff, starting at the specified offset.
+
Accessors for GUID:
void tvb_get_ntohguid(tvbuff_t *, gint offset, e_guid_t *guid);
free() this buffer, it will happen automatically once the a new capture or
file is opened.
-tvb_fake_unicode() has been superceded by tvb_get_unicode_string(), which
+tvb_fake_unicode() has been superseded by tvb_get_unicode_string(), which
properly handles Unicode (UTF-16) strings by converting them to UTF-8.
-tvb_get_ephemeral_faked_unicode() has been superceded by tvb_get_ephemeral_string(), which properly handles Unicode (UTF-16) strings by converting them
-to UTF-8.
+tvb_get_ephemeral_faked_unicode() has been superseded by
+tvb_get_ephemeral_string(), which properly handles Unicode (UTF-16) strings by
+converting them to UTF-8.
Byte Array Accessors:
Given a tvbuff, an offset into the tvbuff, and a length that starts
at that offset (which may be -1 for "all the way to the end of the
tvbuff"), fetch BCD encoded digits from a tvbuff starting from either
-the low or high half byte, formating the digits according to an input digit set,
+the low or high half byte, formatting the digits according to an input digit set,
if NUll a default digit set of 0-9 returning "?" for overdecadic digits will be used.
A pointer to the EP allocated string will be returned.
Note: a tvbuff content of 0xf is considered a 'filler' and will end the conversion.
displayed as the date, followed by the time, as
hours, minutes, and seconds with 9 digits after
the decimal point.
-
- Two absolute time encodings may be specified
- with proto_tree_add_item():
-
- ENC_TIME_TIMESPEC: Seconds (4 bytes) and
- nanoseconds (4 bytes) of time since January 1,
- 1970, midnight UTC.
-
- ENC_TIME_NTP: NTP timestamps are represented as
- a 64-bit unsigned fixed-point number, in seconds
- relative to 0h on 1 January 1900. The integer
- part is in the first 32 bits and the fraction
- part in the last 32 bits.
-
- The encoding must be logically ORed with
- ENC_BIG_ENDIAN or ENC_LITTLE_ENDIAN as
- appropriate.
FT_RELATIVE_TIME Seconds (4 bytes) and nanoseconds (4 bytes)
of time relative to an arbitrary time.
displayed as seconds and 9 digits
after the decimal point.
FT_STRING A string of characters, not necessarily
- NUL-terminated, but possibly NUL-padded.
+ NULL-terminated, but possibly NULL-padded.
This, and the other string-of-characters
types, are to be used for text strings,
not raw binary data.
- FT_STRINGZ A NUL-terminated string of characters.
+ FT_STRINGZ A NULL-terminated string of characters.
The string length is normally the length
given in the proto_tree_add_item() call.
However if the length given in the call
is -1, then the length used is that
returned by calling tvb_strsize().
- FT_EBCDIC A string of characters, not necessarily
- NUL-terminated, but possibly NUL-padded.
- The data from the packet is converted from
- EBCDIC to ASCII before displaying to the user.
FT_UINT_STRING A counted string of characters, consisting
of a count (represented as an integral value,
of width given in the proto_tree_add_item()
If all of a contiguous range of values from min to max are present in the array
the value will be used as as a direct index into a value_string array.
-If the values in the array are not contiguous (ie: there are "gaps"), but are in assending order
-a binary search will be used.
+If the values in the array are not contiguous (ie: there are "gaps"), but are
+in ascending order a binary search will be used.
-Note: "gaps" in a value_string array can be filled with "empty" entries eg: {value, "Unknown"} so that
-direct access to the array is is possible.
+Note: "gaps" in a value_string array can be filled with "empty" entries eg:
+{value, "Unknown"} so that direct access to the array is is possible.
-The init macro (see below) will perform a check on the value string
-the first time it is used to determine which search algorithm fits and fall back to a linear search
-if the value_string does not meet the criteria above.
+The init macro (see below) will perform a check on the value string the first
+time it is used to determine which search algorithm fits and fall back to a
+linear search if the value_string does not meet the criteria above.
-Use this macro to initialise the extended value_string at comile time:
+Use this macro to initialize the extended value_string at compile time:
static value_string_ext valstringname_ext = VALUE_STRING_EXT_INIT(valstringname);
-Extended value strings can be created at runtime by calling
+Extended value strings can be created at run time by calling
value_string_ext_new(<ptr to value_string array>,
<total number of entries in the value_string_array>, /* include {0, NULL} entry */
<value_string_name>);
-For hf[] array FT_(U)INT* fields that need a 'valstringname_ext' struct, the 'strings' field
-would be set to '&valstringname_ext)'. Furthermore, 'display' field must be
-ORed with 'BASE_EXT_STRING' (e.g. BASE_DEC|BASE_EXT_STRING).
+For hf[] array FT_(U)INT* fields that need a 'valstringname_ext' struct, the
+'strings' field would be set to '&valstringname_ext)'. Furthermore, 'display'
+field must be ORed with 'BASE_EXT_STRING' (e.g. BASE_DEC|BASE_EXT_STRING).
-- Ranges
The item added to the GUI tree will contain the name (as passed in the
proto_register_*() function) and a value. The value will be fetched
from the tvbuff by proto_tree_add_item(), based on the type of the field
-and, for integral and Boolean fields, the byte order of the value; the
-byte order, for items for which that's relevant, is specified by the
-'encoding' argument, which is ENC_LITTLE_ENDIAN if the value is
-little-endian and ENC_BIG_ENDIAN if it is big-endian. If the byte order
-is not relevant, use ENC_NA (Not Applicable). In the future, other
-elements of the encoding, such as the character encoding for
-character strings, might be supported.
+and the encoding of the value as specified by the "encoding" argument.
+
+For FT_NONE, FT_BYTES, FT_ETHER, FT_IPv6, FT_IPXNET, FT_OID fields,
+and 'protocol' fields the encoding is not relevant; the 'encoding'
+argument should be ENC_NA (Not Applicable).
+
+For integral, floating-point, Boolean, FT_GUID, and FT_EUI64 fields,
+the encoding specifies the byte order of the value; the 'encoding'
+argument should be is ENC_LITTLE_ENDIAN if the value is little-endian
+and ENC_BIG_ENDIAN if it is big-endian.
+
+For FT_IPv4 fields, the encoding also specifies the byte order of the
+value. In almost all cases, the encoding is in network byte order,
+hence big-endian, but in at least one protocol dissected by Wireshark,
+at least one IPv4 address is byte-swapped, so it's in little-endian
+order.
+
+For string fields, the encoding specifies the character set used for the
+string and the way individual code points in that character set are
+encoded. For FT_UINT_STRING fields, the byte order of the count must be
+specified; when support for UTF-16 encoding is added, the byte order of
+the encoding will also have to be specified. In other cases, ENC_NA
+should be used. The character encodings that are currently
+supported are:
+
+ ENC_UTF_8 - UTF-8
+ ENC_ASCII - ASCII (currently treated as UTF-8; in the future,
+ all bytes with the 8th bit set will be treated as
+ errors)
+ ENC_EBCDIC - EBCDIC
+
+Other encodings will be added in the future.
+
+For FT_ABSOLUTE_TIME fields, the encoding specifies the form in which
+the time stamp is specified, as well as its byte order. The time stamp
+encodings that are currently supported are:
+
+ ENC_TIME_TIMESPEC - seconds (4 bytes) and nanoseconds (4 bytes)
+ of time since January 1, 1970, midnight UTC.
+
+ ENC_TIME_NTP - an NTP timestamp, represented as a 64-bit
+ unsigned fixed-point number, in seconds relative to 0h
+ on 1 January 1900. The integer part is in the first 32
+ bits and the fraction part in the last 32 bits.
+
+For other types, there is no support for proto_tree_add_item().
Now that definitions of fields have detailed information about bitfield
fields, you can use proto_tree_add_item() with no extra processing to
For proto_tree_add_oid(), the 'value_ptr' argument is a pointer to an
ASN.1 Object Identifier.
-For proto_tree_add_eui64(), the 'value' argument is a 64-bit integer
+For proto_tree_add_eui64(), the 'value' argument is a 64-bit integer
value
proto_tree_add_bytes_format()
...
static gint ett_scsi_inq_peripheral = -1;
...
- static const int *peripheal_fields[] = {
+ static const int *peripheral_fields[] = {
&hf_scsi_inq_qualifier,
&hf_scsi_inq_devtype,
NULL
...
/* Qualifier and DeviceType */
proto_tree_add_bitmask(tree, tvb, offset, hf_scsi_inq_peripheral,
- ett_scsi_inq_peripheral, peripheal_fields, FALSE);
+ ett_scsi_inq_peripheral, peripheral_fields, FALSE);
offset+=1;
...
{ &hf_scsi_inq_peripheral,
See <http://www.wireshark.org/develop.html>
+
+1.10a Using git with the SVN source code tree.
+
+ Install git and the git-svn package.
+ Run "mkdir git; cd git; git svn clone <svn-url>", e.g. if you are using
+ the anonymous svn tree, run
+ "git svn clone http://anonsvn.wireshark.org/wireshark/trunk/"
+
+ After that, a typical workflow may look like this (from "man git-svn"):
+
+ # Clone a repo (like git clone):
+ git svn clone http://svn.example.com/project/trunk
+ # Enter the newly cloned directory:
+ cd trunk
+ # You should be on master branch, double-check with ´git branch´
+ git branch
+ # Do some work and commit locally to git:
+ git commit ...
+ # Something is committed to SVN, rebase your local changes against the
+ # latest changes in SVN:
+ git svn rebase
+ # Now commit your changes (that were committed previously using git) to SVN
+ # as well as automatically updating your working HEAD:
+ git svn dcommit
+ # Append svn:ignore settings to the default git exclude file:
+ git svn show-ignore >> .git/info/exclude
+
+
1.11 Submitting code for your new dissector.
- VERIFY that your dissector code does not use prohibited or deprecated APIs
uses conversation timestamps that makes it possible to enable and
disable the calculation of conversation timestamps. The main argument
for this is that a higher level conversation is able to overwrite
-the values of lowel level conversations in these two columns. Being
+the values of lower level conversations in these two columns. Being
able to actively select which protocols may overwrite the conversation
timestamp columns gives the user the power to control these columns.
(A second reason is that conversation timestamps use the per-packet
};
/**
-* Dissect a buffer containing C strings.
+* Dissect a buffer containing ASCII C strings.
*
* @param tvb The buffer to dissect.
* @param pinfo Packet Info.
if (tree) {
proto_tree_add_item(tree, hf_cstring, tvb, offset, len,
- ENC_NA);
+ ENC_ASCII|ENC_NA);
}
offset += (guint)len;
}