ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] how correct add to tree reassebled data?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Ilya Shvetsov <chvetsov@xxxxxxxxx>
Date: Thu, 7 Feb 2013 13:08:35 +0300
Thank you very much for your reply and help. Now it works now.
 
But I have to mention, that if i use proto_tree_set_visible, my dissector fails to link. May be this happens because proto_tree_set_visible are not in export table.
I copied body of this method to my code, and all works fine.
What is correct way to solve this? Should I add this method to export table and commit it?
Personally, i prefer to have this function in my code, because such way it will work with old versions of wireshark
 
And one more note
I do not know what you meant, but packet-jxta.c does not contain any example of using proto_tree_set_visible. I found examples packet-frame.c and in packet-wsp.c
--
With best regards
Ilya 'Akhil' Shvetsov



On 7 February 2013 01:29, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
On 02/06/2013 01:08 PM, Ilya Shvetsov wrote:
> Hi, there.
>
> Thank you guys for greate product.
>
> I successuly wrote my dissector and few days ago found failure in it.
>
> I have next situatioin:
> I dissect last packet in some sequence and get new tvbuffer from
>
> process_reassembled_data
>
> Next step i do is parsing of this new tvbuffer.
> I parse it and add new items to tree under my protocol item.
>
> And this is a place where problem is.
> I parse new tvbuff from begin, this means that offset is ZERO,
> tvbuff it self has raw_offset == -1
>
> When I parse, i do not know a length of element, so i add item to tree and later
> call
>
> proto_item_set_end
>
> to set end of element in data buffer. if element, which i have read, has quite
> big size, then all works fine. if it has small size, then i get assert from
> proto_item_set_end.
>
> It's turned out that every item in tree has 'finfo', which contains filed
> 'start'. For me this start is usually 28. if my first item in reassebled tvbuff
> is less then 28, i get assert.
>
> As I can see, the problem happens because all items in tree has 'finfo' field
> from parent (not reassebled) tvbuff.
>
> So, what i have to do to fix this? how to add items from new tvbuff correctly ?
>
> I use wireshark 1.8.5 on Windows 7
> --
> With best regards
> Ilya 'Akhil' Shvetsov
>

Hi,

Try calling proto_tree_set_visible(tree, TRUE); before you create the item you
want to call proto_item_set_end() on. See packet-jxta.c for example.

Thanks,
Jaap




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube