Wireshark mailing list archives

Re: Custom item not related to the packet

From: Antonello Tartamo <antonellotartamo () gmail com>
Date: Thu, 27 May 2021 08:54:33 +0200

pt contains 16 bytes I have filled up.
I'm telling proto_tree_add_item to read these bytes from offset 0 with
length 16.
The field is properly shown (correct bytes) in the Packet Details tree but
when I select it in the Packet Bytes view the bytes selected are not the
same shown in the Packet Details view.


Il giorno mer 26 mag 2021 alle ore 15:24 Roland Knall <rknall () gmail com> ha
scritto:

You misunderstood. pt must contain the bytes you want to be inside the
subset. It seems, that you collect different bytes for this array as you
select for your hf_item selection which is then highlighted in the
packet-view

kind regard
Roland

Am Mi., 26. Mai 2021 um 14:39 Uhr schrieb Antonello Tartamo <
antonellotartamo () gmail com>:

Hello pt is an array (uint8_t pt[16];).
pt is an array generated after processing a part of the packet.
As I've created a new tvb the offset is 0 and the length is 16.

Hope I've answered your questions.



Il giorno mer 26 mag 2021 alle ore 14:32 Roland Knall <rknall () gmail com>
ha scritto:

The data displayed in the subitem is the one from pt, your data variable
which you used to create the new tvb. The hf_item seems to point to a
different data structure. How is pt being generated? Are you using the same
length and start offset as for the hf item?

regards
Roland

Am Mi., 26. Mai 2021 um 08:46 Uhr schrieb Antonello Tartamo <
antonellotartamo () gmail com>:

Hello everyone,
I'm trying to add a custom item which is not strictly related to the
packet but it is coming from a processing of a part of the packet.
I've used the following instructions:

                new_tvb = tvb_new_child_real_data(tvb, pt, (guint)16,
16);
                add_new_data_source(pinfo, new_tvb, "processed");

                ti = proto_tree_add_item(data_tree,
hf_mp_control_processed, new_tvb, 0, 16, ENC_NA);
                PROTO_ITEM_SET_GENERATED(ti);

hf_mp_control_processed is a set of bytes:
        { & hf_mp_control_processed ,
          { "mp control processed", "mp.control.processed",
            FT_BYTES, BASE_NONE, 0x0, 0x0,
            NULL, HFILL }
        }

The problem is that when I click on this new item into the Packet
Details I see the correct byte values, while in the Packet Bytes view these
ones are totally wrong.

Attached image:
[image: image.png]
For example the first byte is 0x48 but 0x68 is shown in the Packet
Bytes view.

Is there a different way to perform this operation ?

Thanks in advance

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Custom item not related to the packet Antonello Tartamo (May 25)
- Re: Custom item not related to the packet Roland Knall (May 26)
  - Re: Custom item not related to the packet Antonello Tartamo (May 26)
    - Re: Custom item not related to the packet Roland Knall (May 26)
    - Re: Custom item not related to the packet Antonello Tartamo (May 26)
    - Re: Custom item not related to the packet Pascal Quantin (May 27)
    - Re: Custom item not related to the packet Antonello Tartamo (May 27)