Wireshark mailing list archives
Failing to get my tree to show
From: Kaul <mykaul () gmail com>
Date: Fri, 15 Jan 2010 23:50:23 +0200
Hi,

I'm trying to write a new dissector, and failing miserably getting my tree to show, because the tree I'm getting in my dissect_PROTONAME() is always NULL, not sure why.

I'm dissecting over TCP, with (regretfully) my own desegmentation: packets 1-3 are syn, syn-ack, ack. Packet 4 is a start of a PDU, which is not enough to dissect the PDU, although I'm getting its header. From the header, I'm taking the complete PDU length and therefore setting pinfo->desegment_len to calculated PDU length - length of what I got already (with the offset = 0).

This looks nice and correct and indeed seems to be desegmented correctly, BUT:

- packet 4 has my COL_PROTOCOL set (why? I didn't dissect it eventually)
- packet 5 doesn't (correct, I've asked for more than it has - it's just a TCP segment)
- packet 6 has my COL_PROTOCOL set (good) - but the packet isn't dissected there, although now I have the complete data (and TCP desegmentation shows the data is indeed taken from packets 4, 5, 6 correctly).

This is part of my dissection:

    ...< get conversation data and state of the protocol>

    col_set_str(pinfo->cinfo, COL_PROTOCOL, "Spice");
    col_clear(pinfo->cinfo, COL_INFO);

    if (tree) { /* WHY IS TREE ALWAYS NULL HERE?! */
        ti = proto_tree_add_item(tree, proto_spice, tvb, 0, -1, FALSE);
        spice_tree = proto_item_add_subtree(ti, ett_spice);
    }

    switch (spice_info->next_state) {
    case RED_STATE_LINK_CLIENT:
        len = tvb_reported_length(tvb);
        if (len < 16 && redc_desegment) {
            /* the header is at least 16 bytes long */
            pinfo->desegment_offset = 0;
            pinfo->desegment_len = 16 - len;
            return len;
        }
        pdu_len = tvb_get_letohl(tvb, 12) + 16;
        if (len < pdu_len && redc_desegment) {
            /* Did not get all the PDU - request the full length of the PDU */
            pinfo->desegment_offset = 0;
            pinfo->desegment_len = pdu_len - len;
            return len;
        }
        col_set_str(pinfo->cinfo, COL_INFO, "RED_STATE_LINK_CLIENT");
        dissect_spice_link_client_pdu(tvb, pinfo, spice_tree, spice_info);
        spice_info->next_state = RED_STATE_LINK_SERVER;
        break;
    ...
I must be missing something obvious here. I just fail to understand what it is. I do know Wireshark has two modes, one of which it goes over packets without the tree set, but I don't get when and where. I've looked at other dissectors and they seem to be doing identical/similar dissection (wrongfully setting the protocol to their own even on segments, btw?).

Thanks in advance,
Yaniv.
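The length bookkeeping described in the post (16-byte header, little-endian 32-bit body length at offset 12) is shown below as a stand-alone added example; it is not part of the original post, not Wireshark code, and uses no Wireshark API. The function names, the `MAX_PDU` cap and the 40/50/26-byte segment sizes are assumptions made for the illustration; the cap rejects a length field from untrusted traffic that would make `body + 16` wrap around in 32 bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 16u          /* header size given in the post */
#define LEN_OFF 12u          /* little-endian 32-bit body length at offset 12, as in the post */
#define MAX_PDU (1u << 20)   /* assumed sanity cap, not from the post */

/* 0: buf holds a complete PDU (*pdu_len set); >0: bytes still to wait for;
 * -1: length field rejected as implausible. */
static long pdu_bytes_missing(const uint8_t *buf, size_t len, uint32_t *pdu_len)
{
    if (len < HDR_LEN) return (long)(HDR_LEN - len);
    uint32_t body = (uint32_t)buf[LEN_OFF] | (uint32_t)buf[LEN_OFF + 1] << 8 |
                    (uint32_t)buf[LEN_OFF + 2] << 16 | (uint32_t)buf[LEN_OFF + 3] << 24;
    if (body > MAX_PDU - HDR_LEN) return -1;  /* also stops body + 16 wrapping around */
    *pdu_len = body + HDR_LEN;
    return len < *pdu_len ? (long)(*pdu_len - len) : 0;
}

/* Split one constructed PDU across TCP-like segments; return the 1-based
 * segment at which the PDU becomes complete, or -1 if it never does. */
static int segments_until_complete(uint32_t body_len, const size_t *seg, int nseg)
{
    uint8_t stream[256] = {0}, acc[256];
    size_t total = (size_t)HDR_LEN + body_len, sent = 0;
    uint32_t pdu_len = 0;
    if (total > sizeof stream) return -1;
    for (int i = 0; i < 4; i++)      /* write the length field, little-endian */
        stream[LEN_OFF + i] = (uint8_t)(body_len >> (8 * i));
    for (int i = 0; i < nseg && sent < total; i++) {
        size_t n = seg[i] < total - sent ? seg[i] : total - sent;
        memcpy(acc + sent, stream + sent, n);   /* accumulate what has arrived */
        sent += n;
        if (pdu_bytes_missing(acc, sent, &pdu_len) == 0)
            return i + 1;
    }
    return -1;
}

/* Constructed sample: a 116-byte PDU arriving as 40 + 50 + 26 bytes. */
static int demo(void)
{
    const size_t seg[] = {40, 50, 26};
    return segments_until_complete(100, seg, 3);
}

int main(void) { printf("PDU complete at segment %d\n", demo()); return 0; }
```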