Writing a Non-trivial Wireshark Dissector

Submitted by 不羁的心 on 2020-04-17 22:41:44

Question


I am trying to write a Wireshark dissector (in C) for a custom protocol. The first 3 bits of the packet define how the rest of the packet is constructed. For example, if these 3 bits are 000, the remainder of the packet is a 5-bit field followed by two byte fields. If the leading 3 bits are 001, the remainder of the packet is a 13-bit field followed by a byte field. I can get the leading 3-bit field. In the dissector function, I've tried using this value to tailor the rest of the dissection thus:

(pseudo code)
if(hf_format==0)
{
   proto_tree_add_item( ..5-bit field...);
   proto_tree_add_item( ..first byte field...);
   proto_tree_add_item( ..second byte field...); 
}
else if (hf_format==1)
{
   proto_tree_add_item( ..13-bit field...);
   proto_tree_add_item( ..byte field...);
}
else  etc.

Why doesn't this approach work? Is there an example you can refer me to?
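Added example, not code from the question or from any answer: a stand-alone C model of the bit-offset bookkeeping a dissector has to do for the two layouts the question defines (selector 000 and 001). It deliberately uses no Wireshark headers so it compiles on its own; the bit offsets it tracks are the ones you would pass to proto_tree_add_bits_item() with ENC_BIG_ENDIAN, and the two sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit 0 is the most significant bit of byte 0, the same bit-offset
 * convention proto_tree_add_bits_item() uses. Callers check the length. */
static uint32_t get_bits(const uint8_t *buf, unsigned bit_off, unsigned nbits)
{
    uint32_t v = 0;
    for (unsigned b = bit_off; b < bit_off + nbits; b++)
        v = (v << 1) | ((buf[b / 8] >> (7 - (b % 8))) & 1u);
    return v;
}

/* format: 3-bit selector; f1: the 5-bit (format 0) or 13-bit (format 1) field;
 * b1/b2: the byte fields (b2 is used by format 0 only). Model only, not epan. */
typedef struct { unsigned format, f1, b1, b2; } pdu_t;

/* Parses one PDU. Returns bytes consumed, or -1 if the buffer is too
 * short or the selector is a layout the question does not define. */
int parse_pdu(const uint8_t *buf, size_t len, pdu_t *out)
{
    unsigned bit = 0;
    if (len < 1) return -1;
    out->format = get_bits(buf, bit, 3); bit += 3;   /* bit offset 0, 3 bits */
    if (out->format > 1) return -1;                   /* layout not defined in the question */
    if (len < 3) return -1;                           /* both known layouts are 24 bits */
    if (out->format == 0) {    /* 3 + 5 + 8 + 8: byte fields are byte-aligned at 1 and 2 */
        out->f1 = get_bits(buf, bit, 5);  bit += 5;
        out->b1 = get_bits(buf, bit, 8);  bit += 8;
        out->b2 = get_bits(buf, bit, 8);  bit += 8;
    } else {                   /* 3 + 13 + 8: the 13-bit field straddles bytes 0 and 1 */
        out->f1 = get_bits(buf, bit, 13); bit += 13;
        out->b1 = get_bits(buf, bit, 8);  bit += 8;
        out->b2 = 0;
    }
    return (int)(bit / 8);
}

int main(void)
{
    /* Constructed samples: 000|00101|0xAB|0xCD and 001|0x1234 (13 bits)|0xEF */
    const uint8_t p0[] = { 0x05, 0xAB, 0xCD }, p1[] = { 0x32, 0x34, 0xEF };
    pdu_t d;
    parse_pdu(p0, sizeof p0, &d);
    printf("fmt=%u f1=%u b1=0x%02X b2=0x%02X\n", d.format, d.f1, d.b1, d.b2);
    parse_pdu(p1, sizeof p1, &d);
    printf("fmt=%u f1=0x%X b1=0x%02X\n", d.format, d.f1, d.b1);
    return 0;
}
```

The point it makes for the real dissector: after the selector and the 5-bit field the offset is exactly byte 1, so byte-offset proto_tree_add_item() calls work there, but the 13-bit field of format 001 crosses a byte boundary and needs either a bit-offset call or a 2-byte item with a 0x1FFF mask.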

Source: https://stackoverflow.com/questions/61129327/writing-a-non-trivial-wireshark-dissector
