Re: [Wireshark-dev] Query regarding GTP protocol

[Anders Broman]

Hi, I assume GTP’ ( GTP prim) transfers the CDR data in a “Data record packet” those are decoded in the GTP dissector by: decode_gtp_data_req() And the actual payload by:                       if (gtpcdr_handle) {                                             next_tvb = tvb_new_subset (tvb, offset, -1, -1);                                             call_dissector (gtpcdr_handle, next_tvb, pinfo, tree);                       }                       else                                             proto_tree_add_text (tree, tvb, offset, 0, "Data");   I assume you’ll need to implement a gtpcdr dissector and make it register “as” gtpcdr_handle… If you could supply a small reference trace it might be easier to assist. Brg Anders   -----Ursprungligt meddelande----- Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] För prashanth joshi Skickat: den 24 september 2006 23:21 Till: Developer support list for Wireshark Ämne: Re: [Wireshark-dev] Query regarding GTP protocol   Hi, I need to parse GTP' packet consisting in its message field the GCDR and then SRecord. Srecord is the record defined by us. Now obviously I need to add code to the ethereal to do this. I plan to check for the type fields in the pay load of the packet myself and then call the corresponding decoding functions for those fields. This I feel will give me more control on the execution of the code. Now I would like to know where it would be best to add the code? Shall I add the parsing code for both the G-CDR and the Srecord in decode_gtp_tr_comm( ........)  function? In the above function the return value is 2 --- is this the offset returned? In that case let us assume that I have parsed the contents of the G -CDR and SRecord in the decode_gtp_tr_comm ( ) function. Now, if  I return from the function decode_gtp_tr_comm( )  ---  the value (  2 + number of bytes in G-CDR + the number of bytes in Srecord ) would that be correct? Or shall i need to add the parsing code in dissect_gtp( ) ? Which is better? And if i call from the function,  decode_gtp_tr_com( ), the decoder functions such as decode_gtp_imsi( ) or decode_gtp_msisdn( ) directly would that be correct ? And one final thing,  now are all the functions to decode each of the fields in G-CDR provided in ethereal or I have to write atleast some of the decoder functions for the parsing of the G-CDR fields ? I have found some of the functions but still have to search for the other functions for decoding the G-CDR fields. How ever for SRecord fields I obviously have to write my own decoder functions Thanks a lot, Prashanth         All-new Yahoo! Mail - Fire up a more powerful email and get things done faster.

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev