function (proto_reg_handoff).
*/
- dissector_delete("tcp.port", currentPort, PROTOABBREV_handle);
+ dissector_delete_uint("tcp.port", currentPort, PROTOABBREV_handle);
}
currentPort = gPORT_PREF;
- dissector_add("tcp.port", currentPort, PROTOABBREV_handle);
+ dissector_add_uint("tcp.port", currentPort, PROTOABBREV_handle);
}
*/
PROTOABBREV_handle = new_create_dissector_handle(dissect_PROTOABBREV,
proto_PROTOABBREV);
- dissector_add("PARENT_SUBFIELD", ID_VALUE, PROTOABBREV_handle);
+ dissector_add_uint("PARENT_SUBFIELD", ID_VALUE, PROTOABBREV_handle);
}
#endif
guint16 tvb_get_ntohs(tvbuff_t*, gint offset);
guint32 tvb_get_ntoh24(tvbuff_t*, gint offset);
guint32 tvb_get_ntohl(tvbuff_t*, gint offset);
+guint64 tvb_get_ntoh40(tvbuff_t*, gint offset);
+guint64 tvb_get_ntoh48(tvbuff_t*, gint offset);
+guint64 tvb_get_ntoh56(tvbuff_t*, gint offset);
guint64 tvb_get_ntoh64(tvbuff_t*, gint offset);
Network-to-host-order accessors for single-precision and
guint16 tvb_get_letohs(tvbuff_t*, gint offset);
guint32 tvb_get_letoh24(tvbuff_t*, gint offset);
guint32 tvb_get_letohl(tvbuff_t*, gint offset);
+guint64 tvb_get_letoh40(tvbuff_t*, gint offset);
+guint64 tvb_get_letoh48(tvbuff_t*, gint offset);
+guint64 tvb_get_letoh56(tvbuff_t*, gint offset);
guint64 tvb_get_letoh64(tvbuff_t*, gint offset);
Little-Endian-to-host-order accessors for single-precision and
String accessors:
guint8 *tvb_get_string(tvbuff_t*, gint offset, gint length);
+gchar *tvb_get_unicode_string(tvbuff_t *tvb, const gint offset, gint length, const guint encoding);
guint8 *tvb_get_ephemeral_string(tvbuff_t*, gint offset, gint length);
+gchar *tvb_get_ephemeral_unicode_string(tvbuff_t *tvb, const gint offset, gint length, const guint encoding);
guint8 *tvb_get_seasonal_string(tvbuff_t*, gint offset, gint length);
Returns a null-terminated buffer containing data from the specified
g_free() it when you are finished with the string. Failure to g_free() this
buffer will lead to memory leaks.
+tvb_get_unicode_string() is a unicode (UTF-16) version of above. This
+is intended for reading UTF-16 unicode strings out of a tvbuff and
+returning them as a UTF-8 string for use in Wireshark. The offset and
+returned length pointer are in bytes, not UTF-16 characters.
+
tvb_get_ephemeral_string() returns a buffer allocated from a special heap
with a lifetime until the next packet is dissected. You do not need to
free() this buffer, it will happen automatically once the next packet is
dissected.
+tvb_get_ephemeral_unicode_string() is a unicode (UTF-16) version of above.
+This is intended for reading UTF-16 unicode strings out of a tvbuff and
+returning them as a UTF-8 string for use in Wireshark. The offset and
+returned length pointer are in bytes, not UTF-16 characters.
+
tvb_get_seasonal_string() returns a buffer allocated from a special heap
with a lifetime of the current capture session. You do not need to
free() this buffer, it will happen automatically once the a new capture or
file is opened.
guint8 *tvb_get_stringz(tvbuff_t *tvb, gint offset, gint *lengthp);
+const guint8 *tvb_get_const stringz(tvbuff_t *tvb, gint offset, gint *lengthp);
guint8 *tvb_get_ephemeral_stringz(tvbuff_t *tvb, gint offset, gint *lengthp);
+gchar *tvb_get_ephemeral_unicode_stringz(tvbuff_t *tvb, const gint offset, gint *lengthp, const guint encoding);
guint8 *tvb_get_seasonal_stringz(tvbuff_t *tvb, gint offset, gint *lengthp);
-Returns a null-terminated buffer, allocated with "g_malloc()",
-containing data from the specified tvbuff, starting at the
-specified offset, and containing all characters from the tvbuff up to
-and including a terminating null character in the tvbuff. "*lengthp"
-will be set to the length of the string, including the terminating null.
+Returns a null-terminated buffer containing data from the specified tvbuff,
+starting at the specified offset, and containing all characters from the
+tvbuff up to and including a terminating null character in the tvbuff.
+"*lengthp" will be set to the length of the string, including the terminating
+null.
tvb_get_stringz() returns a buffer allocated by g_malloc() so you must
g_free() it when you are finished with the string. Failure to g_free() this
buffer will lead to memory leaks.
+
+tvb_get_const_stringz() returns a pointer to the (const) string in the tvbuff.
+You do not need to free() this buffer, it will happen automatically once the
+next packet is dissected. This function is slightly more efficient than the
+others because it does not allocate memory and copy the string.
+
tvb_get_ephemeral_stringz() returns a buffer allocated from a special heap
with a lifetime until the next packet is dissected. You do not need to
free() this buffer, it will happen automatically once the next packet is
dissected.
+tvb_get_ephemeral_unicode_stringz() is a unicode (UTF-16) version of
+above. This is intended for reading UTF-16 unicode strings out of a tvbuff
+and returning them as a UTF-8 string for use in Wireshark. The offset and
+returned length pointer are in bytes, not UTF-16 characters.
+
tvb_get_seasonal_stringz() returns a buffer allocated from a special heap
with a lifetime of the current capture session. You do not need to
free() this buffer, it will happen automatically once the a new capture or
file is opened.
-guint8 *tvb_fake_unicode(tvbuff_t*, gint offset, gint length, gboolean little_endian);
-guint8 *tvb_get_ephemeral_faked_unicode(tvbuff_t*, gint offset, gint length, gboolean little_endian);
-
-Converts a 2-byte unicode string to an ASCII string.
-Returns a null-terminated buffer containing data from the specified
-tvbuff, starting at the specified offset, and containing the specified
-length worth of characters (the length of the buffer will be length+1,
-as it includes a null character to terminate the string).
+tvb_fake_unicode() has been superceded by tvb_get_unicode_string(), which
+properly handles Unicode (UTF-16) strings by converting them to UTF-8.
-tvb_fake_unicode() returns a buffer allocated by g_malloc() so you must
-g_free() it when you are finished with the string. Failure to g_free() this
-buffer will lead to memory leaks.
-tvb_get_ephemeral_faked_unicode() returns a buffer allocated from a special
-heap with a lifetime until the next packet is dissected. You do not need to
-free() this buffer, it will happen automatically once the next packet is
-dissected.
+tvb_get_ephemeral_faked_unicode() has been superceded by tvb_get_ephemeral_string(), which properly handles Unicode (UTF-16) strings by converting them
+to UTF-8.
Byte Array Accessors:
This function is similar to tvb_bytes_to_str(...) except that 'punct' is inserted
between the hex representation of each byte.
+gchar *tvb_bcd_dig_to_ep_str(tvbuff_t *tvb, const gint offset, const gint len, dgt_set_t *dgt, gboolean skip_first);
+
+Given a tvbuff, an offset into the tvbuff, and a length that starts
+at that offset (which may be -1 for "all the way to the end of the
+tvbuff"), fetch BCD encoded digits from a tvbuff starting from either
+the low or high half byte, formating the digits according to an input digit set,
+if NUll a default digit set of 0-9 returning "?" for overdecadic digits will be used.
+A pointer to the EP allocated string will be returned.
+Note: a tvbuff content of 0xf is considered a 'filler' and will end the conversion.
Copying memory:
guint8* tvb_memcpy(tvbuff_t*, guint8* target, gint offset, gint length);
in your "register" routine, just as you register the protocol and the
fields for that protocol.
+The ett_ variables identify particular type of subtree so that if you expand
+one of them, Wireshark keeps track of that and, when you click on
+another packet, it automatically opens all subtrees of that type.
+If you close one of them, all subtrees of that type will be closed when
+you move to another packet.
+
There are several functions that the programmer can use to add either
protocol or field labels to the proto_tree:
"." between them, to construct a name that identifies
the field in the preference file; the name itself
should not include the protocol name, as the name in
- the preference file will already have it
+ the preference file will already have it. Make sure that
+ only lower-case ASCII letters, numbers, underscores and
+ dots appear in the preference name.
title - Field title in the preferences dialog
description - Comments added to the preference file above the
- preference value
+ preference value and shown as tooltip in the GUI, or NULL
var - pointer to the storage location that is updated when the
field is changed in the preference dialog box. Note that
with string preferences the given pointer is overwritten
mdns_udp_handle = create_dissector_handle(dissect_mdns_udp,
proto_dns);
- dissector_add("udp.port", UDP_PORT_DNS, dns_udp_handle);
- dissector_add("tcp.port", TCP_PORT_DNS, dns_tcp_handle);
- dissector_add("udp.port", UDP_PORT_MDNS, mdns_udp_handle);
- dissector_add("tcp.port", TCP_PORT_MDNS, dns_tcp_handle);
+ dissector_add_uint("udp.port", UDP_PORT_DNS, dns_udp_handle);
+ dissector_add_uint("tcp.port", TCP_PORT_DNS, dns_tcp_handle);
+ dissector_add_uint("udp.port", UDP_PORT_MDNS, mdns_udp_handle);
+ dissector_add_uint("tcp.port", TCP_PORT_MDNS, dns_tcp_handle);
The dissect_dns_udp function does very little work and calls
dissect_dns_common, while dissect_dns_tcp calls tcp_dissect_pdus with a