当前位置: 文江博客话题详情

Wireshark 解析器:根据解析树中前一个字段的值显示一个字段

发布于 2024-11-02 05:33:28 字数 1494 浏览 0 评论 0原文

我正在致力于在wireshark中开发一个用于专有协议的插件。我有以下 3 个结构来定义协议的特征。

static const value_string packettypenames[] = { /* MAIN COMMAND */  
    {0x01,"FALO_PWRL_CMD"},                 /* 0x01  */  
    {0x02,"FALO_CALLABLE_CMD"},             /* 0x02  */  
    {0x03,"FALO_CORTEX_DATA_CMD"},      /* 0x03 */  
    {0x04,"FALO_LOCAL_CMD"}             /* 0x04 */  
    } 

static const calue_string packettypesubnames_falo_pwrl_cmd[]={/* SUBCOMMAND BASED */     
    {0x01, "FALO_PWRL_PREF_PLMN"},                      /*ON SELECTED MAIN COMMAND */  
    {0x02 ,"FALO_PWRL_PLMN_SEL"}  
}  

static const calue_string packettypesubnames_falo_callable_cmd[]={  /* SUBCOMMAND */  
    {0x01, "FALO_PWRL_PREF_PLMN"},            /*based ON SELECTED MAIN COMMAND */  
    {0x02 ,"FALO_PWRL_PLMN_SEL"}  
}

hf_register 数组中存储的结构和格式信息如下:

void proto_register_talo(void)  
{  
    static hf_register_info hf[] = {  
        { &hf_talo_main_command,  
            { "Talo Main Command", "talo.command",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypenames) , 0x0,  
            NULL, HFILL }  
        },  
        { &hf_ipc_sub_command,  
            { "Talo Sub Command", "talo.subcommand",  
            FT_UINT8, BASE_HEX,  
            VALS(packetsubtypenames), 0x0,   /* STUCK AT THIS POINT */  
            NULL, HFILL }  
        }  
};

这里我的子命令的格式信息是基于主命令的值。有没有办法获得这样的东西,以便第二个字段子命令的值可以根据主命令中存在的值来决定?

谢谢你的帮助, 姆鲁纳尔

原文

I am working on developing a plugin in wireshark for a proprietary protocol. I have the following 3 structures that define the characteristics of the protocol.

static const value_string packettypenames[] = { /* MAIN COMMAND */  
    {0x01,"FALO_PWRL_CMD"},                 /* 0x01  */  
    {0x02,"FALO_CALLABLE_CMD"},             /* 0x02  */  
    {0x03,"FALO_CORTEX_DATA_CMD"},      /* 0x03 */  
    {0x04,"FALO_LOCAL_CMD"}             /* 0x04 */  
    } 

static const calue_string packettypesubnames_falo_pwrl_cmd[]={/* SUBCOMMAND BASED */     
    {0x01, "FALO_PWRL_PREF_PLMN"},                      /*ON SELECTED MAIN COMMAND */  
    {0x02 ,"FALO_PWRL_PLMN_SEL"}  
}  

static const calue_string packettypesubnames_falo_callable_cmd[]={  /* SUBCOMMAND */  
    {0x01, "FALO_PWRL_PREF_PLMN"},            /*based ON SELECTED MAIN COMMAND */  
    {0x02 ,"FALO_PWRL_PLMN_SEL"}  
}

The structure and formatting information stored in the hf_register array is as follows:

void proto_register_talo(void)  
{  
    static hf_register_info hf[] = {  
        { &hf_talo_main_command,  
            { "Talo Main Command", "talo.command",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypenames) , 0x0,  
            NULL, HFILL }  
        },  
        { &hf_ipc_sub_command,  
            { "Talo Sub Command", "talo.subcommand",  
            FT_UINT8, BASE_HEX,  
            VALS(packetsubtypenames), 0x0,   /* STUCK AT THIS POINT */  
            NULL, HFILL }  
        }  
};

Here my formatting information for the subcommand is based on the value of the main command. Is there a way to obtain such a thing so the value of the second field subcommand can be decided based on the value present in the main command?

Thank You for the help,
Mrunal

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

苯莒 2024-11-09 05:33:28

您可以执行以下操作:

void proto_register_talo(void)  
{  
    static hf_register_info hf[] = {  
        { &hf_talo_main_command,  
            { "Talo Main Command", "talo.command",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypenames) , 0x0,  
            NULL, HFILL }  
        },  
        { &hf_ipc_sub_command_pwrl,  
            { "Talo Sub Command", "talo.subcommand",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypesubnames_falo_pwrl_cmd), 0x0,     
            NULL, HFILL }  
        }  
        { &hf_ipc_sub_command_callable,  
            { "Talo Sub Command", "talo.subcommand",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypesubnames_falo_callable_cmd), 0x0,
            NULL, HFILL }  
        }  

};

然后在您的解剖函数中执行类似以下操作:

switch(header_type) {
    case 1:
      hf_sub_command = hf_ipc_sub_command_pwrl;
      break;
    case 2:
      hf_sub_command = hf_ipc_sub_command_callable;
      break;
    }
proto_tree_add_item(tree, hf_sub_command, tvb, offset, 1, FALSE);

You can do the following:

void proto_register_talo(void)  
{  
    static hf_register_info hf[] = {  
        { &hf_talo_main_command,  
            { "Talo Main Command", "talo.command",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypenames) , 0x0,  
            NULL, HFILL }  
        },  
        { &hf_ipc_sub_command_pwrl,  
            { "Talo Sub Command", "talo.subcommand",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypesubnames_falo_pwrl_cmd), 0x0,     
            NULL, HFILL }  
        }  
        { &hf_ipc_sub_command_callable,  
            { "Talo Sub Command", "talo.subcommand",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypesubnames_falo_callable_cmd), 0x0,
            NULL, HFILL }  
        }  

};

and then in your dissect function something like:

switch(header_type) {
    case 1:
      hf_sub_command = hf_ipc_sub_command_pwrl;
      break;
    case 2:
      hf_sub_command = hf_ipc_sub_command_callable;
      break;
    }
proto_tree_add_item(tree, hf_sub_command, tvb, offset, 1, FALSE);
回复 原文
~没有更多了~

关于作者

寻找一个思念的角度

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

留蓝

文章 0 评论 0

18790681156

文章 0 评论 0

zach7772

文章 0 评论 0

Wini

文章 0 评论 0

ayeshaaroy

文章 0 评论 0

初雪

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文