Wireshark-dev: [Wireshark-dev] trees
From: "Martin Corraine (mcorrain)" <[email protected]>
Date: Thu, 19 Jun 2008 16:09:22 -0400
I'm having difficulty with the trees. This is what I have so far: The items in bold is what I can't get. Any help will be appreciated.
  • Geotel Engineering Document 125
    • Base Header
      • Length 10
        • Header         // for SERVICE_CONTROL
          • ....
          • ....

ged125_item = proto_tree_add_item(tree, proto_ged125, tvb, 0, -1, TRUE); // displays the protocol name ("Geotel Engineering Document") on the tree

ged125_tree = proto_item_add_subtree(ged125_item, ett_ged125); // doesn't display anything further, must set up something

ged125_sub_item = proto_tree_add_item( ged125_tree, hf_ged125_header, tvb, offset, 8, TRUE ); // makes the "base header" tree

ged125_header_tree = proto_item_add_subtree(ged125_sub_item, ett_ged125);

length = tvb_get_ntohl(tvb, offset) + EIGHT_BYTES; // first 4 bytes of header gives entire ged125 packet size but it's always 8 bytes off so I add it here

proto_tree_add_uint(ged125_header_tree, hf_ged125_length, tvb, offset, 4, length);

offset+=4; //We increment the offset to get past the 4 bytes indicating length

type = tvb_get_ntohl(tvb, offset);

proto_tree_add_uint(ged125_header_tree, hf_ged125_type, tvb, offset, 4, type); // add the message "Type" to the header tree