Protocols Wireshark解析器:根据已解析树中上一个字段的值显示字段
我正在为专有协议开发wireshark插件。我有以下3个结构来定义协议的特征Protocols Wireshark解析器:根据已解析树中上一个字段的值显示字段,protocols,implementation,wireshark-dissector,Protocols,Implementation,Wireshark Dissector,我正在为专有协议开发wireshark插件。我有以下3个结构来定义协议的特征 static const value_string packettypenames[] = { /* MAIN COMMAND */ {0x01,"FALO_PWRL_CMD"}, /* 0x01 */ {0x02,"FALO_CALLABLE_CMD"}, /* 0x02 */ {0x03,"FALO_CORTEX_DAT
static const value_string packettypenames[] = { /* MAIN COMMAND */
{0x01,"FALO_PWRL_CMD"}, /* 0x01 */
{0x02,"FALO_CALLABLE_CMD"}, /* 0x02 */
{0x03,"FALO_CORTEX_DATA_CMD"}, /* 0x03 */
{0x04,"FALO_LOCAL_CMD"} /* 0x04 */
}
static const calue_string packettypesubnames_falo_pwrl_cmd[]={/* SUBCOMMAND BASED */
{0x01, "FALO_PWRL_PREF_PLMN"}, /*ON SELECTED MAIN COMMAND */
{0x02 ,"FALO_PWRL_PLMN_SEL"}
}
static const calue_string packettypesubnames_falo_callable_cmd[]={ /* SUBCOMMAND */
{0x01, "FALO_PWRL_PREF_PLMN"}, /*based ON SELECTED MAIN COMMAND */
{0x02 ,"FALO_PWRL_PLMN_SEL"}
}
void proto_register_talo(void)
{
static hf_register_info hf[] = {
{ &hf_talo_main_command,
{ "Talo Main Command", "talo.command",
FT_UINT8, BASE_HEX,
VALS(packettypenames) , 0x0,
NULL, HFILL }
},
{ &hf_ipc_sub_command,
{ "Talo Sub Command", "talo.subcommand",
FT_UINT8, BASE_HEX,
VALS(packetsubtypenames), 0x0, /* STUCK AT THIS POINT */
NULL, HFILL }
}
};
Mrunal您可以执行以下操作:
void proto_register_talo(void)
{
static hf_register_info hf[] = {
{ &hf_talo_main_command,
{ "Talo Main Command", "talo.command",
FT_UINT8, BASE_HEX,
VALS(packettypenames) , 0x0,
NULL, HFILL }
},
{ &hf_ipc_sub_command_pwrl,
{ "Talo Sub Command", "talo.subcommand",
FT_UINT8, BASE_HEX,
VALS(packettypesubnames_falo_pwrl_cmd), 0x0,
NULL, HFILL }
}
{ &hf_ipc_sub_command_callable,
{ "Talo Sub Command", "talo.subcommand",
FT_UINT8, BASE_HEX,
VALS(packettypesubnames_falo_callable_cmd), 0x0,
NULL, HFILL }
}
};
switch(header_type) {
case 1:
hf_sub_command = hf_ipc_sub_command_pwrl;
break;
case 2:
hf_sub_command = hf_ipc_sub_command_callable;
break;
}
proto_tree_add_item(tree, hf_sub_command, tvb, offset, 1, FALSE);
您可以执行以下操作:
void proto_register_talo(void)
{
static hf_register_info hf[] = {
{ &hf_talo_main_command,
{ "Talo Main Command", "talo.command",
FT_UINT8, BASE_HEX,
VALS(packettypenames) , 0x0,
NULL, HFILL }
},
{ &hf_ipc_sub_command_pwrl,
{ "Talo Sub Command", "talo.subcommand",
FT_UINT8, BASE_HEX,
VALS(packettypesubnames_falo_pwrl_cmd), 0x0,
NULL, HFILL }
}
{ &hf_ipc_sub_command_callable,
{ "Talo Sub Command", "talo.subcommand",
FT_UINT8, BASE_HEX,
VALS(packettypesubnames_falo_callable_cmd), 0x0,
NULL, HFILL }
}
};
switch(header_type) {
case 1:
hf_sub_command = hf_ipc_sub_command_pwrl;
break;
case 2:
hf_sub_command = hf_ipc_sub_command_callable;
break;
}
proto_tree_add_item(tree, hf_sub_command, tvb, offset, 1, FALSE);
您能告诉我header_type(此处)是什么吗?@PankajGoyal
header_typeint header\u type=tvb\u get\u guint8(tvb,offset)的内容表示单个字节。您能告诉我什么是header_type(此处)?@PankajGoyalheader_type
将是协议相关的值,用于确定哪些子命令适用于此处。通常,您会有类似于int header\u type=tvb\u get\u guint8(tvb,offset)的内容用于单个字节。