Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] proto tree

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 9 Jun 2008 18:40:14 -0700

On Jun 8, 2008, at 11:39 PM, Amit Paliwal wrote:

i mean from the declaration it becomes apparent that every sibling node will be pointing to next sibling and the parent, why is this required.

Sibling: otherwise, you can't enumerate all entries in the protocol tree. The tree isn't N-ary for any fixed value of N; there can be any number of entries at any level below the root.

Parent: so that, for example, if you add an "expert info" item to a protocol tree item, that item *and* all items up to the top level can be flagged as having "expert info" under them; this, for example, lets a top-level item be put in a special color if there's an "expert info" item anywhere below it.

is it a general tree or some specific kind of tree.

It's a specific kind of tree - it's a tree of data about packet fields.

/** A protocol tree element. */
typedef proto_node proto_tree;
/** A protocol item element. */
typedef proto_node proto_item;


what is the use of defining proto_tree and proto_item differently?

I'm not sure what the rationale was for that.  Gilbert?

for each protocol how is this tree managed.

With routines such as proto_tree_add_item(), proto_tree_add_protocol(), proto_tree_add_uint(), etc.