| Main Archive Page > Month Archives > wireshark-dev archives |
Re: [Wireshark-dev] Dissector skipping packets
From: Stephen Fisher <steve_at_nospam>Date: Sun May 09 2010 - 06:02:03 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>
On Tue, May 04, 2010 at 10:45:38PM -0700, Craig Bumpstead wrote:
> example: Packet Type 0
> Trans type
> I'm not sure how to have different paths for decoding of packets. Any
> ideas of the protocol that I should look at for this type of decode?
If every packet contains a packet type (is that what "trans type" is
above?), then you can use a switch() statement after obtaining the
packet type:
- Set a variable to the packet type using tvb_get_guint8 for an 8-bit
integer or tvb_get_ntohX where X is 's' for 16-bit, "24" for 24-bit, 'l'
for 32-bit or "64" for 64-bit unsigned assuming that the integer is in
typical network byte order ("big endian"). There are also functions for
little endian byte order: replace the 'n' after '_' with "le":
guint8 packet_type;
packet_type = tvb_get_guint8(tvb, 0);
- Use #define statements to make associate packet type names with the
integers they are designated by for easier code reading (for example):
#define AUTH_REQUEST 0
#define AUTH_REPLY 1
- Use a switch statement:
switch(packet_type) {
case AUTH_REQUEST :
...
break;
case AUTH_REPLY :
...
break;
default :
... (state that it is an unknown packet type)
break;
}
-- Steve ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe