
How to extract all field infos of a packet

Hi, I am trying to extract the fields of a packet and display them in a custom menu using C code. Is there an equivalent of the function we use in "LUA", local fields = { all_field_infos() }, together with a for loop to iterate over all the finfo?

Please suggest any sample file in the dissectors which does this.

Thanks Nandakumar

nandhu_kp, asked 2023-02-27 21:10:20 +0000


1 Answer


all_field_infos calls proto_all_finfos()
wslua_field.c:

    WSLUA_FUNCTION wslua_all_field_infos(lua_State* L) {
    /*
    Obtain all fields from the current tree.  Note this only gets whatever fields the underlying
    dissectors have filled in for this packet at this time - there may be fields applicable to
    the packet that simply aren't being filled in because at this time they're not needed for anything.
    This function only gets what the C-side code has currently populated, not the full list.
    */
    GPtrArray* found;
    int items_found = 0;
    guint i;

    if (! lua_tree || ! lua_tree->tree ) {
        WSLUA_ERROR(wslua_all_field_infos,"Cannot be called outside a listener or dissector");
        return 0;
    }

    found = proto_all_finfos(lua_tree->tree);

There are several examples in packet-snort.c:

    if (tree != NULL) {
        GPtrArray *items = proto_all_finfos(tree);
        if (items) {
            guint i;
            for (i=0; i< items->len; i++) {
                field_info *field = (field_info *)g_ptr_array_index(items,i);

Chuckc, answered 2023-02-28 00:57:44 +0000

Comments

Thanks Chuck! I can extract field_info *fi; fi->hfinfo->name; for each field, but the value for each field name is of a different data type and I am not sure how to get the value. Please point to any sample code which extracts values with different data types, or maybe a quick hint here is helpful!

nandhu_kp (2023-03-01 01:19:12 +0000)

From packet-snort.c:

                    value = fvalue_get_string(&field->value);

Can you use the fvalue_get_xxx() functions in ftypes.c?

Otherwise you will have to get the field type then process the value based on the type.

    struct _header_field_info {
        enum ftenum type; /**< [FIELDTYPE] field type, one of FT_ (from ftypes.h) */

    typedef struct field_info {
        fvalue_t value;

    typedef struct _fvalue_t {
        ftype_t *ftype;
        union {
            /* Put a few basic types in here */
            guint32         uinteger;
            gint32          sinteger;
            guint64         uinteger64;
            gint64          sinteger64;
            gdouble         floating;
            wmem_strbuf_t       *strbuf;
            GByteArray      *bytes;
            ipv4_addr_and_mask  ipv4;
            ipv6_addr_and_prefix    ipv6;
            e_guid_t        guid;
            nstime_t        time;
            protocol_value_t    protocol;
            guint16         sfloat_ieee_11073;
            guint32         float_ieee_11073;
        } value;
    } fvalue_t;

Chuckc (2023-03-02 03:33:52 +0000)
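As an added example (not code from this thread, and not Wireshark's own source), here is the "get the field type, then process the value based on the type" approach from the comment above written as a self-contained C file. The demo_ftenum enum, the demo_field struct and the demo_samples array are constructed stand-ins for hfinfo->type, the fvalue_t union and the GPtrArray that proto_all_finfos() returns, so the file compiles without Wireshark headers; inside a real dissector each switch branch corresponds to the matching accessor in epan/ftypes/ftypes.h (fvalue_get_uinteger(), fvalue_get_sinteger(), fvalue_get_floating(), fvalue_get_string(), ...), and fvalue_to_string_repr() gives a type-agnostic textual form. The exact signatures and return types of those accessors differ between Wireshark releases, so check the ftypes.h of the version you build against.

```c
/* Added example, not from the thread above nor from the Wireshark sources:
 * type-dispatched extraction of a field value, modelled on the fvalue_t
 * union quoted in the thread.  The demo_* enum and struct are a local
 * stand-in for hfinfo->type and fvalue_t so the file compiles on its own;
 * a real dissector would use field_info from <epan/proto.h> and the
 * fvalue_get_*() accessors from <epan/ftypes/ftypes.h> instead. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Subset of Wireshark's enum ftenum, redefined locally for this demo. */
typedef enum {
    FT_NONE, FT_UINT32, FT_INT32, FT_UINT64, FT_DOUBLE, FT_STRING, FT_BYTES, FT_IPv4
} demo_ftenum;

/* Stand-in for a field_info: hfinfo->name, hfinfo->type and the value
 * union (member names follow the fvalue_t quoted in the thread). */
typedef struct {
    const char *name;
    demo_ftenum type;
    union {
        uint32_t uinteger;
        int32_t  sinteger;
        uint64_t uinteger64;
        double   floating;
        const char *strbuf;                                /* real: wmem_strbuf_t* */
        struct { const uint8_t *data; size_t len; } bytes;  /* real: GByteArray*   */
        uint32_t ipv4;                   /* real: ipv4_addr_and_mask; host order here */
    } value;
} demo_field;

/* Render one field as "name: value" into buf (always NUL-terminated).
 * Returns the number of characters written, or -1 for a type this demo
 * does not handle; a real dissector would fall back to
 * fvalue_to_string_repr() there rather than read a union member blindly. */
int demo_format_field(const demo_field *f, char *buf, size_t buflen)
{
    switch (f->type) {
    case FT_UINT32:
        return snprintf(buf, buflen, "%s: %u", f->name, (unsigned)f->value.uinteger);
    case FT_INT32:
        return snprintf(buf, buflen, "%s: %d", f->name, (int)f->value.sinteger);
    case FT_UINT64:
        return snprintf(buf, buflen, "%s: %llu", f->name,
                        (unsigned long long)f->value.uinteger64);
    case FT_DOUBLE:
        return snprintf(buf, buflen, "%s: %g", f->name, f->value.floating);
    case FT_STRING:
        return snprintf(buf, buflen, "%s: %s", f->name, f->value.strbuf);
    case FT_IPv4: {
        uint32_t a = f->value.ipv4;
        return snprintf(buf, buflen, "%s: %u.%u.%u.%u", f->name,
                        (unsigned)((a >> 24) & 0xff), (unsigned)((a >> 16) & 0xff),
                        (unsigned)((a >> 8) & 0xff), (unsigned)(a & 0xff));
    }
    case FT_BYTES: {
        /* Hex dump with ':' separators; stops before the buffer is full. */
        int n = snprintf(buf, buflen, "%s:", f->name);
        for (size_t i = 0; i < f->value.bytes.len && n >= 0 && (size_t)n < buflen; i++)
            n += snprintf(buf + n, buflen - n, "%s%02x", i ? ":" : " ",
                          f->value.bytes.data[i]);
        return n;
    }
    case FT_NONE:
        break;
    }
    return -1;
}

/* Constructed sample tree, standing in for the GPtrArray returned by
 * proto_all_finfos(); names and values are made up for the demo. */
static const uint8_t demo_mac[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
static const demo_field demo_samples[] = {
    { "frame",            FT_NONE,   { .uinteger = 0 } },   /* protocol node: no scalar value */
    { "tcp.srcport",      FT_UINT32, { .uinteger = 443 } },
    { "demo.offset",      FT_INT32,  { .sinteger = -5 } },
    { "frame.number",     FT_UINT64, { .uinteger64 = 4294967296ULL } },
    { "frame.time_delta", FT_DOUBLE, { .floating = 0.25 } },
    { "http.host",        FT_STRING, { .strbuf = "example.test" } },
    { "ip.src",           FT_IPv4,   { .ipv4 = 0x0a000001u } },
    { "eth.src",          FT_BYTES,  { .bytes = { demo_mac, 6 } } },
};
#define DEMO_NSAMPLES (sizeof demo_samples / sizeof demo_samples[0])

/* Format sample field i into a static buffer, the way the loop over
 * items->len in packet-snort.c visits each field.  Returns NULL when i is
 * out of range or the field type is not handled. */
const char *demo_sample_line(size_t i)
{
    static char buf[128];
    if (i >= DEMO_NSAMPLES || demo_format_field(&demo_samples[i], buf, sizeof buf) < 0)
        return NULL;
    return buf;
}

int main(void)
{
    for (size_t i = 0; i < DEMO_NSAMPLES; i++) {
        const char *line = demo_sample_line(i);
        printf("%s\n", line ? line : "(unhandled field type)");
    }
    return 0;
}
```

The FT_NONE entry models a protocol node such as "frame" that carries no scalar value; the demo refuses it rather than reading an arbitrary union member, which is the type-confusion mistake to avoid when walking every finfo in a tree, and the bounded snprintf calls keep the output buffer intact even for long byte fields.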

Thanks a lot Chuck!

nandhu_kp (2023-03-17 00:59:29 +0000)
