Wireshark mailing list archives
Re: Adding dynamic fields to tree from dissector
From: Michael Mann <mmann78 () netscape net>
Date: Sun, 19 Jun 2016 17:18:32 -0400
Wireshark is more than just a "nice tree". Most users want to be able to find values within a packet, and the only way you're able to do that is with hf_ items, so we have now effectively made it a "requirement" to have an hf_ field for each field in the tree (subtree headings would be the exception).

The simplest approach for you would be to create 2 hf_ fields, a "field name" field and a "value" field (both FT_STRING). Not sure if you'd want them consecutively in the same tree or if the "value" would be a subtree off of the "field name". The "field name" field could be proto_tree_add_string_format, similar to your proto_tree_add_text example below, and then you'd need another proto_tree_add_string for the "value" field. You could "hide" the value field with the PROTO_ITEM_SET_HIDDEN macro, but that's a generally discouraged practice.

However, I doubt your protocol is just a loop around a single proto_tree_add_text call of field/value pairs. If your dissector has knowledge of values, arrays, submessages, etc., you probably want to pass that information along to the user so he can search through a capture to find such things.

You may want to consider using the convert_proto_tree_add_text.pl script (in the tools directory) to help convert your proto_tree_add_text calls into filterable fields. That can save you a bunch of typing, but you still need to verify the names/filters for all of the fields.

-----Original Message-----
From: marko <marko () kevac org>
To: wireshark-dev <wireshark-dev () wireshark org>
Sent: Sat, Jun 18, 2016 11:58 am
Subject: [Wireshark-dev] Adding dynamic fields to tree from dissector

Hi.

I have read the Developer Manual and README.dissector and looked into a few examples, but could not find an answer to my question.

I have a dissector for a custom protocol that is basically 4 bytes length, 4 bytes msg_id, and the rest is a packed protocol buffers message.

I am unpacking this protocol buffers message inside the dissector and would like to construct a nice tree structure that represents this message. In Wireshark 1.x I could do this easily using something like

    proto_tree_add_text(gpbs_tree, tvb, 0, 0, "%s: %s", f->name, *(char **)m);

where gpbs_tree is my subtree that represents a message. But in Wireshark 2.x the function proto_tree_add_text does not exist. There is a similar function, proto_tree_add_string_format, but the second parameter there is an hf_* field id.

As far as I understand, Wireshark would like me to register all possible fields in the beginning so I would have this hf_* for all possible fields. But it is very, very difficult, because my protocol buffers message can be anything at all: different values, arrays, submessages, etc.

What should I do in that case? How do I construct a nice tree without knowing what my field types are before I receive the network packet?

Thanks!
Marko.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
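The two-field approach from the reply (one reusable "field name" field and one "value" field, each registered up front so every dynamically built tree item stays filterable), written against Wireshark's Lua dissector API as an added example that is not from the thread or from Wireshark's own sources. The protocol name gpbs, the field abbreviations, the TCP port and the "field_N" naming (no .proto schema is used here) are assumptions, and only the varint and length-delimited protobuf wire types are decoded.

```lua
-- Added example, not from the thread: Lua-API analog of the two-field approach.
-- Proto/ProtoField names, the port and the "field_N" naming are assumptions.
local gpbs = Proto("gpbs", "Length + msg_id + protobuf payload")

-- Registering ProtoFields is the Lua equivalent of the hf_ array: one string field
-- for the name and one for the value, reused for every protobuf field we discover.
local f_len   = ProtoField.uint32("gpbs.len",         "Length",      base.DEC)
local f_msgid = ProtoField.uint32("gpbs.msg_id",      "Message ID",  base.DEC)
local f_name  = ProtoField.string("gpbs.field_name",  "Field name")
local f_value = ProtoField.string("gpbs.field_value", "Field value")
gpbs.fields = { f_len, f_msgid, f_name, f_value }

-- Protobuf base-128 varint: returns (value, offset just after the varint).
local function read_varint(buf, off)
  local v, shift = 0, 0
  repeat
    local b = buf(off, 1):uint(); off = off + 1
    v = v + (b % 128) * 2 ^ shift; shift = shift + 7
  until b < 128
  return v, off
end

-- Decode one tag/value pair (varint or length-delimited) and add it as a
-- filterable name item with the value as its own filterable child item.
local function add_field(tree, buf, off)
  local key, pos = read_varint(buf, off)
  local fnum, wtype = math.floor(key / 8), key % 8
  local name = string.format("field_%d", fnum)   -- no schema here; map fnum to a real name if you have one
  local value, nextoff
  if wtype == 0 then
    value, nextoff = read_varint(buf, pos); value = string.format("%d", value)
  elseif wtype == 2 then
    local len; len, pos = read_varint(buf, pos)
    value, nextoff = buf(pos, len):string(), pos + len   -- bytes shown as text; could be a nested message
  else
    return nil                                           -- fixed32/fixed64 left out of this example
  end
  local item = tree:add(f_name, buf(off, nextoff - off), name)
  item:set_text(name .. ": " .. value)                   -- same display as proto_tree_add_string_format
  item:add(f_value, buf(pos, nextoff - pos), value)      -- lets "gpbs.field_value == ..." filters work
  return nextoff
end

function gpbs.dissector(buf, pinfo, tree)
  pinfo.cols.protocol = "GPBS"
  local t = tree:add(gpbs, buf())
  t:add(f_len,   buf(0, 4))
  t:add(f_msgid, buf(4, 4))
  local msg = t:add(buf(8), "Message")                   -- subtree heading only: no field needed
  local off = 8
  while off and off < buf:len() do off = add_field(msg, buf, off) end
end

DissectorTable.get("tcp.port"):add(5555, gpbs)           -- assumed port
```

Because both the name and the value go through registered fields, display filters such as gpbs.field_name == "field_3" or gpbs.field_value contains "admin" work across the whole capture, which is the point of the reply above.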