Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: basic questions about writing dissectors

From: Joerg Mayer <jmayer () loplof de>
Date: Sun, 26 Feb 2012 17:55:55 +0100
Hello Martin,

On Sun, Feb 26, 2012 at 03:20:13PM +0100, Martin Kaiser wrote:

Is it possible to add an element in the packet tree that has an hf entry
and can be filtered but does not have a corresponding tvb? I'm looking
at getting info from a circuit and add this to the tree as a filterable
element. For now, I read from the circuit, create a tvb, add another
data source for the tvb and dissect it. I was wondering if there's a
cleaner solution without adding a data source. (It looks like a tvb
that's not part of the packet itself needs a new data source).


Take a look at packet-extreme.c and search for hf_edp_checksum_good (similar
code can be found in other dissectors). The core point is setting the item
to PROTO_ITEM_SET_GENERATED. Does this do what you want?


It seems that a lot of dissectors use pinfo->fd->num without a previous
check "if (pinfo && pinfo->fd)". Is it safe to do so?


I haven't verfied this, but as pinfo->fd->num ist the frame number it seems
to be extremely likely to be safe :-)


For se_malloc(), do I have to check the return value for NULL? I recall
that for g_malloc(), there's no need for a NULL check, the programs is
terminated when there's no memory.


I assume you mean se_alloc(). epan/emem.c internally uses g_malloc unless
some special steps are taken (debugging). Your memory on the behaviour of
g_malloc() is correct.

 Ciao
   Jörg
-- 
Joerg Mayer                                           <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: