Wireshark mailing list archives
I have a wireshark dissector question
From: 季红 <jihong_seu () 163 com>
Date: Tue, 12 Apr 2016 22:34:18 +0800 (CST)
Dear sir:

Please excuse me for taking the liberty of writing to you. I'm Chinese. I have a Wireshark dissector question which I would like to ask you. To make my example as plain and interesting as possible, I use the example from the official website: https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html

Example 9.12. Enhancing the display.

    static void
    dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    {
        guint8 packet_type = tvb_get_guint8(tvb, 0);

        col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO");
        /* Clear out stuff in the info column */
        col_clear(pinfo->cinfo, COL_INFO);
        col_add_fstr(pinfo->cinfo, COL_INFO, "Type %s",
                     val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));

        if (tree) { /* we are being asked for details */
            proto_item *ti = NULL;
            proto_tree *foo_tree = NULL;
            gint offset = 0;

            ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA);
            proto_item_append_text(ti, ", Type %s",
                                   val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
            foo_tree = proto_item_add_subtree(ti, ett_foo);
            proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1, ENC_BIG_ENDIAN);
            offset += 1;
        }
    }

1. Suppose there are three packets; is dissect_foo then called many times?
2. If I click one row in Wireshark's user interface, will dissect_foo then be called many times?
3. How can I debug this code slice:

    if (tree) { /* we are being asked for details */
        proto_item *ti = NULL;
        proto_tree *foo_tree = NULL;
        gint offset = 0;

        ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA);
        proto_item_append_text(ti, ", Type %s",
                               val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
        foo_tree = proto_item_add_subtree(ti, ett_foo);
        proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1, ENC_BIG_ENDIAN);
        offset += 1;
    }

Thanks! Looking forward to your reply.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe