Wireshark dissector: Display a field dependent on value of previous field in a the dissected tree_问答_开发者

Wireshark dissector: Display a field dependent on value of previous field in a the dissected tree

开发者 https://www.devze.com 2023-02-26 11:00 出处：网络

I am working on developing a plugin in wireshark for a proprietary protocol. I have the following 3 structures that define the characteristics of the protocol.

static const value_string packettypenames[] = { /* MAIN COMMAND */  
    {0x01,"FALO_PWRL_CMD"},                 /* 0x01  */  
    {0x02,"FALO_CALLABLE_CMD"},             /* 0x02  */  
    {0x03,"FALO_CORTEX_DATA_CMD"},      /* 0x03 */  
    {0x04,"FALO_LOCAL_CMD"}             /* 0x04 */  
    } 

static const calue_string packettypesubnames_falo_pwrl_cmd[]={/* SUBCOMMAND BASED */     
    {0x01, "FALO_PWRL_PREF_PLMN"},                      /*ON SELECTED MAIN COMMAND */  
    {0x02 ,"FALO_PWRL_PLMN_SEL"}  
}  

static const calue_string packettypesubnames_falo_callable_cmd[]={  /* SUBCOMMAND */  
    {0x01, "FALO_PWRL_PREF_PLMN"},            /*based ON SELECTED MAIN COMMAND */  
    {0x02 ,"FALO_PWRL_PLMN_SEL"}  
}

The structure and formatting information stored in the hf_register array is as follows:

void proto_register_talo(void)  
{  
    static hf_register_info hf[] = {  
        { &hf_talo_main_command,  
            { "Talo Main Command", "talo.command",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypenames) , 0x0,  
            NULL, HFILL }  
        },  
        { &hf_ipc_sub_command,  
            { "Talo Sub Command", "talo.subcommand",  
            FT开发者_StackOverflow中文版_UINT8, BASE_HEX,  
            VALS(packetsubtypenames), 0x0,   /* STUCK AT THIS POINT */  
            NULL, HFILL }  
        }  
};

Here my formatting information for the subcommand is based on the value of the main command. Is there a way to obtain such a thing so the value of the second field subcommand can be decided based on the value present in the main command?

Thank You for the help, Mrunal

You can do the following:

void proto_register_talo(void)  
{  
    static hf_register_info hf[] = {  
        { &hf_talo_main_command,  
            { "Talo Main Command", "talo.command",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypenames) , 0x0,  
            NULL, HFILL }  
        },  
        { &hf_ipc_sub_command_pwrl,  
            { "Talo Sub Command", "talo.subcommand",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypesubnames_falo_pwrl_cmd), 0x0,     
            NULL, HFILL }  
        }  
        { &hf_ipc_sub_command_callable,  
            { "Talo Sub Command", "talo.subcommand",  
            FT_UINT8, BASE_HEX,  
            VALS(packettypesubnames_falo_callable_cmd), 0x0,
            NULL, HFILL }  
        }  

};

and then in your dissect function something like:

switch(header_type) {
    case 1:
      hf_sub_command = hf_ipc_sub_command_pwrl;
      break;
    case 2:
      hf_sub_command = hf_ipc_sub_command_callable;
      break;
    }
proto_tree_add_item(tree, hf_sub_command, tvb, offset, 1, FALSE);