Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Field type for 96 bit integer?

From: Pascal Quantin <pascal.quantin () gmail com>
Date: Wed, 20 Jul 2016 11:21:22 +0200
Hi David,

2016-07-20 9:56 GMT+02:00 David Arnold <davida () pobox com>:


I’m writing a dissector for a protocol that includes a 96 bit (12 byte)
big-endian integer value.

I’d like to display it as a decimal number.  I’m happy to write a
BASE_CUSTOM renderer for it, but how should it be described in the
hf_register_info array?

In my dissect() function, I have

            proto_tree_add_item(ouch_asx_tree,
                                hf_ouch_asx_match_id,
                                tvb, offset, 12,
                                ENC_BIG_ENDIAN);
            offset += 12;

In the hf_register_info array, I’d have something like

        { &hf_ouch_asx_match_id,
          { "Match ID", "ouch_asx.match_id",
            FT_BYTES, BASE_CUSTOM, CF_FUNC(format_match_id), 0x0, NULL,
HFILL }},

except that generates a runtime error:

        Err  Field 'Match ID' (ouch-asx.match_id) has a 'strings' value
but is of type FT_BYTES (which is not allowed to have strings)

Quick hint, someone?



You cannot use  BASE_CUSTOM for this use case, as explained in
doc/README.dissector:

"BASE_CUSTOM allows one to specify a callback function pointer that will
format the value.

For 32-bit and smaller values, custom_fmt_func_t can be used to declare
the callback function pointer. Specifically, this is defined as:

    void func(gchar *, guint32);

For values larger than 32-bits, custom_fmt_func_64_t can be used to declare
the callback function pointer. Specifically, this is defined as:

    void func(gchar *, guint64);

The first argument is a pointer to a buffer of the ITEM_LABEL_LENGTH size
and the second argument is the value to be formatted.

Both custom_fmt_func_t and custom_fmt_func_64_t are defined in
epan/proto.h."

So it can only work with FT_(U_)INTX types.

Instead you probably want to use proto_tree_add_bytes_format_value() taht
gives you a full control on what is displayed in the tree.


Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: