Re: basic questions about writing dissectors

[Martin Kaiser <lists () kaiser cx>]

Hi Joerg,

thanks for your quick reply.

Thus wrote Joerg Mayer (jmayer () loplof de):

> Take a look at packet-extreme.c and search for hf_edp_checksum_good
> (similar code can be found in other dissectors). The core point is
> setting the item to PROTO_ITEM_SET_GENERATED. Does this do what you
> want?

The "checksum ok?" item is not directly taken from the tvb but it is
still linked to a part of the tvb, the checksum itself.

In my case, I don't have any tvb but a value in a guint32. I've had
another look and guess that

it = proto_tree_add_uint_format(tree, hf_myproto_myfilter,
      NULL, 0, 0, <value from the guint32>, ...);

does what I want. My understanding is that I can pass tvb==NULL if
length==0 as well. The value is assigned to the hf without any reference
to a tvb. I'd then set PROTO_ITEM_SET_GENERATED(it) on the result.

> I haven't verfied this, but as pinfo->fd->num ist the frame number it seems
> to be extremely likely to be safe :-)

ok, null checks removed

> I assume you mean se_alloc(). epan/emem.c internally uses g_malloc unless
> some special steps are taken (debugging).

ok, understood

Best regards,

   Martin
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe