Wireshark-dev: Re: [Wireshark-dev] Dissector array display

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Sep 2009 01:08:47 -0600

On Sep 29, 2009, at 3:50 PM, Gregory Seidman wrote:

I'm trying to write a dissector for a protocol that includes a list of entries. The entries each have the same set of fields, but there can be an arbitrary number of entries in a packet. How do I set things up to display the entries? Should I just add a subtree for each packet and add the same set of fields to each one? Is there some way to actually express an array?

You can use a loop that goes over the same code over and over since the fields are the same. I put such a feature in the VNC dissector (http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-vnc.c?view=markup) and I'm sure there are other dissectors that do this. In the VNC dissector, one place to look is the vnc_rre_encoding() function where it retrieves the number of sub rectangles with this line:

	num_subrects = tvb_get_ntohl(tvb, *offset);

Then proceeds with a for loop:

	for(i = 1; i <= num_subrects; i++) {

Steve
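
Added example, not part of the original message and not code from the VNC dissector: a stand-alone C sketch of the count-then-loop pattern described above, with the wire-supplied count checked against the bytes actually present before the loop runs. The entry layout (2-byte id, 2-byte value), the names parse_entries() and entry_t, and the sample packet are assumptions made for illustration; it uses a plain byte buffer rather than the Wireshark tvbuff API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical entry layout (not from the VNC dissector): 2-byte id, 2-byte value. */
#define ENTRY_LEN 4u

typedef struct { uint16_t id; uint16_t value; } entry_t;

/* Read a big-endian 32-bit value, as tvb_get_ntohl() does on a tvbuff. */
static uint32_t get_ntohl(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse a 4-byte count followed by `count` fixed-size entries.
 * Returns the number of entries stored in out, or -1 if the packet is
 * truncated, the count does not fit the captured bytes, or out is too small. */
int parse_entries(const uint8_t *buf, size_t len, entry_t *out, size_t max_out) {
    size_t offset = 0;
    if (len < 4)
        return -1;
    uint32_t count = get_ntohl(buf);
    offset += 4;
    /* The count comes from the wire: check it against what is really there
     * before looping. Dividing avoids overflow in count * ENTRY_LEN. */
    if (count > (len - offset) / ENTRY_LEN || count > max_out)
        return -1;
    for (uint32_t i = 0; i < count; i++) {
        out[i].id    = (uint16_t)((buf[offset] << 8) | buf[offset + 1]);
        out[i].value = (uint16_t)((buf[offset + 2] << 8) | buf[offset + 3]);
        offset += ENTRY_LEN;
    }
    return (int)count;
}

int main(void) {
    /* Constructed sample packet: count = 2, entries (1, 0x00AA) and (2, 0x00BB). */
    const uint8_t pkt[] = {0, 0, 0, 2,  0, 1, 0, 0xAA,  0, 2, 0, 0xBB};
    entry_t e[8];
    int n = parse_entries(pkt, sizeof pkt, e, 8);
    for (int i = 0; i < n; i++)
        printf("Entry %d: id=%u value=0x%04x\n", i + 1,
               (unsigned)e[i].id, (unsigned)e[i].value);
    return n == 2 ? 0 : 1;
}
```

In a real dissector the tvb_get_* accessors bounds-check each read and throw on truncated data, so the up-front count check mainly keeps a bogus count from driving a long loop or an oversized allocation.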