
Wireshark-dev: Re: [Wireshark-dev] display filtering + how to analyze some TCP packets

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 25 Oct 2011 09:37:51 -0700
On Oct 25, 2011, at 8:26 AM, Teto wrote:

> 1st question:
> It took me some time but thanks to README.developer I think I
> understand how display filtering works now. I was wondering if it was
> possible to update an item's header field id after its creation.

No.

> For example:
> proto_item* pi = proto_tree_add_text(subtree,tvb,offset,4,"Type: %u",type);
> set_item_header_field(&hf_my_field_id);   /// for example. Does any
> equivalent function exist?

No such function will ever exist.  You must choose which field to add *at the time you add it*.

What is it you're trying to do here?

> And my 2nd question would be:
> There is some TCP traffic going on random ports concerning the
> protocol I analyze. How can I assign this traffic to my dissector? It
> needs to analyze the first bytes to know if it matches my protocol.
> I solved the problem for udp (it's a predefined port):
> dissector_add_uint("udp.port", ENERGYWISE_UDP_DPORT, energywise_udp_handle);
> but I dunno for tcp.

If it's a predefined port for TCP, do the same sort of thing, but using "tcp.port" and the predefined TCP port number and handle for the dissector for your protocol when it runs over TCP.

If it's not a predefined port, you'd have to, well, analyze the first bytes to know if it matches your protocol.  That means making your dissector a heuristic dissector, which:

	returns a gboolean value - TRUE if it matches, FALSE if it doesn't;

	as its first action, before doing *anything* to the protocol tree or the columns, checks whether the first bytes look as if the packet is for your protocol or not;

	before looking at any byte, makes sure it's available in the tvbuff you've been handed, e.g. with tvb_offset_exists() or tvb_bytes_exist();

	is registered with

		heur_dissector_add("tcp", dissect_energywise_tcp_heur, proto_energywise);

	where dissect_energywise_tcp_heur() is your heuristic dissector function and proto_energywise is the value returned by your proto_register_protocol() call.
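The two registration styles described above (fixed port via a dissector table, heuristic on the "tcp" list), as an added example that is not part of the original thread and is not Wireshark's or Cisco's code. It is written as a Wireshark Lua plugin rather than against the C API the thread discusses; the Lua calls map one-to-one onto the C ones named above (DissectorTable:add for dissector_add_uint, Proto:register_heuristic for heur_dissector_add, tvb:len() for the tvb_bytes_exist check). The header layout (version, type, length), the magic version value and the UDP port number are placeholders, since the real EnergyWise format and ENERGYWISE_UDP_DPORT are not given in this thread.

```lua
-- Added example (not from the thread, not Wireshark's or Cisco's code).
-- Drop into the Wireshark plugins directory as energywise_demo.lua.
-- Header layout, magic value and port are ASSUMED placeholders.

local HEADER_LEN       = 4       -- assumed: 1-byte version, 1-byte type, 2-byte length
local ASSUMED_VERSION  = 0x01    -- assumed magic value in byte 0
local ASSUMED_UDP_PORT = 43440   -- placeholder, not the real ENERGYWISE_UDP_DPORT

local energywise = Proto("energywise_demo", "EnergyWise demo")
local f_version = ProtoField.uint8 ("energywise_demo.version", "Version", base.DEC)
local f_type    = ProtoField.uint8 ("energywise_demo.type",    "Type",    base.DEC)
local f_length  = ProtoField.uint16("energywise_demo.length",  "Length",  base.DEC)
energywise.fields = { f_version, f_type, f_length }

-- The heuristic test proper. Touches neither the tree nor the columns, and
-- checks that every byte it reads is actually present in the captured buffer
-- before reading it (tvb:len() is the captured length).
local function looks_like_energywise(tvb)
    if tvb:len() < HEADER_LEN then
        return false                       -- truncated or too short to judge
    end
    if tvb(0, 1):uint() ~= ASSUMED_VERSION then
        return false                       -- assumed magic byte does not match
    end
    -- Assumed sanity check on the declared length: it must at least cover
    -- the header and must not exceed what the packet reports on the wire.
    local declared = tvb(2, 2):uint()
    if declared < HEADER_LEN or declared > tvb:reported_len() then
        return false
    end
    return true
end

-- Builds columns and tree. Only ever called once a packet has been accepted.
local function dissect_body(tvb, pinfo, tree)
    pinfo.cols.protocol = "EnergyWise"
    local subtree = tree:add(energywise, tvb(0, HEADER_LEN))
    subtree:add(f_version, tvb(0, 1))
    subtree:add(f_type,    tvb(1, 1))
    subtree:add(f_length,  tvb(2, 2))
    return HEADER_LEN
end

-- Plain dissector for the predefined UDP port: no guessing needed there.
function energywise.dissector(tvb, pinfo, tree)
    return dissect_body(tvb, pinfo, tree)
end

-- Heuristic dissector for TCP on arbitrary ports: returns a boolean, and
-- does nothing to the tree or columns until the packet has been recognised.
local function dissect_energywise_tcp_heur(tvb, pinfo, tree)
    if not looks_like_energywise(tvb) then
        return false                       -- not ours; TCP tries the next heuristic
    end
    dissect_body(tvb, pinfo, tree)
    return true
end

-- Lua equivalent of dissector_add_uint("udp.port", ENERGYWISE_UDP_DPORT, handle)
DissectorTable.get("udp.port"):add(ASSUMED_UDP_PORT, energywise)

-- Lua equivalent of heur_dissector_add("tcp", dissect_energywise_tcp_heur, proto_energywise)
energywise:register_heuristic("tcp", dissect_energywise_tcp_heur)
```

The order inside dissect_energywise_tcp_heur is the point of the example: the length check comes before any byte is read, the magic and length checks come before anything is written to pinfo.cols or the tree, and a rejected packet leaves both untouched so the next heuristic on the "tcp" list sees a clean slate. Keep the length check even on a capture you trust; a snaplen-truncated or partially captured segment is exactly the case that turns an unchecked tvb read into an exception in the middle of dissection.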