On Thu, Feb 26, 2009 at 19:26, Luca Ceresoli
<list@xxxxxxxxxxxxxxxx> wrote:
wsgd ha scritto:
> From proto.h :
> /** A protocol tree element. */
> typedef proto_node proto_tree;
> /** A protocol item element. */
> typedef proto_node proto_item;
>
Wow.
From my superficial knowledge of wireshark's internals I've always
found it very strange that item and tree are two distinct "objects".
What's a tree node if not the root of a (possibly empty) subtree?
I really can't figure out the reason for such a choice.
Back to the original issue, it seems that a text item created by
ptvcursor_add_text_with_subtree() cannot be _legally_ changed.
yes, ptvcursor API is made to simplify dissection code at the cost of less flexibility in some cases. :)
Actually, two items are created during ptvcursor_add_text_with_subtree() function call, but only one returned by the function ... the subtree item.
Therefore you could then do what you want with something like the following :
it = proto_tree_add_text(ptvcursor_tree(cursor), ptvcursor_tvbuff(cursor),
ptvcursor_current_offset(cursor), length, "foo");
my_tree = ptvcursor_add_subtree_item(cursor, it, ...);
/* do what you want to decode further information */
my_string = val_to_str(...);
proto_item_set_text(it, "<%s>", my_string);
Regards,
Sebastien Tandel
