Wireshark-dev: Re: [Wireshark-dev] Filtering
From: Guy Harris <[email protected]>
Date: Tue, 31 Mar 2009 15:21:28 -0700
On Mar 31, 2009, at 1:19 PM, [email protected] wrote:

I have read through both of those, though i probably should do it again now that i know more. But maybe I'm just confused on how the others are outputted. right now i add to the tree with:
time = (_GetMsgTime)();
pi = proto_tree_add_text(icom_message_tree, tvb, 0, 0, "Time: %s", time);
Wireshark expects to be handed a raw blob of binary packet data, and  
to *itself* fetch values from that blob and generate *its own* human- 
readable descriptions, so that it can do more with fields in packets  
than just display them to the user.
If your DLL is handed the raw blob, and returns only human-readable  
descriptions of fields, it's not going to work very well in a  
Wireshark dissector.