Re: how correct add to tree reassebled data?

[Jaap Keuter <jaap.keuter () xs4all nl>]

On 02/06/2013 01:08 PM, Ilya Shvetsov wrote:
> Hi, there.
>  
> Thank you guys for greate product.
>  
> I successuly wrote my dissector and few days ago found failure in it.
>  
> I have next situatioin:
> I dissect last packet in some sequence and get new tvbuffer from
>
> process_reassembled_data
>
> Next step i do is parsing of this new tvbuffer.
> I parse it and add new items to tree under my protocol item.
>  
> And this is a place where problem is.
> I parse new tvbuff from begin, this means that offset is ZERO,
> tvbuff it self has raw_offset == -1
>  
> When I parse, i do not know a length of element, so i add item to tree and later
> call
>
> proto_item_set_end
>
> to set end of element in data buffer. if element, which i have read, has quite
> big size, then all works fine. if it has small size, then i get assert from
> proto_item_set_end.
>  
> It's turned out that every item in tree has 'finfo', which contains filed
> 'start'. For me this start is usually 28. if my first item in reassebled tvbuff
> is less then 28, i get assert.
>  
> As I can see, the problem happens because all items in tree has 'finfo' field
> from parent (not reassebled) tvbuff.
>  
> So, what i have to do to fix this? how to add items from new tvbuff correctly ?
>  
> I use wireshark 1.8.5 on Windows 7
> --
> With best regards
> Ilya 'Akhil' Shvetsov

Hi,

Try calling proto_tree_set_visible(tree, TRUE); before you create the item you
want to call proto_item_set_end() on. See packet-jxta.c for example.

Thanks,
Jaap




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe