Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-dev: Re: [Wireshark-dev] new plug-in dissector - no packets, displayed when dissector specific filter applied

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 1 May 2009 09:38:46 -0700


On May 1, 2009, at 9:10 AM, Stuart Marsden wrote:

   hf_sslbp_type = frmtyp;

Don't do that. If you do that, then, even if you *do* correctlyattempt to add sslbp.frametype into the protocol tree, it will fail,as the value assigned by Wireshark to hf_sslbp_type is an index intoan array of fields internal to the Wireshark core, and if you give ita different value, it'll put the wrong field into the protocol tree.

   proto_tree_add_text(header_tree, tvb, offset+3, 1,
"Frame type: %s", val_to_str(frmtyp,frame_type,"Unknown (0x%02x)"));


If you want sslbp.frametype to be in the protocol tree, do

proto_tree_add_uint(header_tree, hf_sslbp_type, tvb, offset+3, 1,frmtyp);

If sslbp.frametype isn't in the protocol tree, any filter trying tomatch it will fail, so you want it in the protocol tree.


See doc/README.developer in the source tree.

References:
- Re: [Wireshark-dev] new plug-in dissector - no packets, displayed when dissector specific filter applied
  - From: Stuart Marsden

Prev by Date: [Wireshark-dev] make error: gcc
Next by Date: Re: [Wireshark-dev] Compilation errors while building the Wireshark sources
Previous by thread: Re: [Wireshark-dev] new plug-in dissector - no packets, displayed when dissector specific filter applied
Next by thread: [Wireshark-dev] make error: gcc
Index(es):
- Date
- Thread