Wireshark-dev: Re: [Wireshark-dev] how correct add to tree reassebled data?

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 07 Feb 2013 22:12:00 +0100
On 02/07/2013 11:08 AM, Ilya Shvetsov wrote:
> Thank you very much for your reply and help. It works now.
>  
> But I have to mention that if I use proto_tree_set_visible, my dissector fails
> to link. Maybe this happens because proto_tree_set_visible is not in the export
> table.
> I copied the body of this method to my code, and all works fine.
> What is the correct way to solve this? Should I add this method to the export
> table and commit it?
> Personally, I prefer to have this function in my code, because that way it will
> work with old versions of Wireshark.


As Chris already did, it should be exported from libwireshark for plugins to
use. Your solution will work until it's linked against a libwireshark that
exports the function proper.

>  
> And one more note
> I do not know what you meant, but packet-jxta.c does not contain any example of
> using proto_tree_set_visible. I found examples in packet-frame.c and in packet-wsp.c

It is there, since 17 January, I put it in packet-jxta.c line 1054 with revision
47136. That's why I knew it would help :)

http://anonsvn.wireshark.org/viewvc?view=revision&revision=47136

Thanks,
Jaap


> --
> With best regards
> Ilya 'Akhil' Shvetsov
> 
> 
> 
> On 7 February 2013 01:29, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> 
>     On 02/06/2013 01:08 PM, Ilya Shvetsov wrote:
>     > Hi, there.
>     >
>     > Thank you guys for a great product.
>     >
>     > I successfully wrote my dissector and a few days ago found a failure in it.
>     >
>     > I have the following situation:
>     > I dissect the last packet in some sequence and get a new tvbuffer from
>     >
>     > process_reassembled_data
>     >
>     > The next step I do is parsing this new tvbuffer.
>     > I parse it and add new items to the tree under my protocol item.
>     >
>     > And this is the place where the problem is.
>     > I parse the new tvbuff from the beginning, which means that the offset is ZERO;
>     > the tvbuff itself has raw_offset == -1
>     >
>     > When I parse, I do not know the length of an element, so I add the item to
>     > the tree and later call
>     >
>     > proto_item_set_end
>     >
>     > to set the end of the element in the data buffer. If the element which I have
>     > read has quite a big size, then all works fine. If it has a small size, then
>     > I get an assert from proto_item_set_end.
>     >
>     > It turned out that every item in the tree has 'finfo', which contains the field
>     > 'start'. For me this start is usually 28. If my first item in the reassembled
>     > tvbuff is less than 28, I get an assert.
>     >
>     > As I can see, the problem happens because all items in the tree have the
>     > 'finfo' field from the parent (not reassembled) tvbuff.
>     >
>     > So, what do I have to do to fix this? How do I add items from the new tvbuff
>     > correctly?
>     >
>     > I use Wireshark 1.8.5 on Windows 7
>     > --
>     > With best regards
>     > Ilya 'Akhil' Shvetsov
>     >
> 
>     Hi,
> 
>     Try calling proto_tree_set_visible(tree, TRUE); before you create the item you
>     want to call proto_item_set_end() on. See packet-jxta.c for example.
> 
>     Thanks,
>     Jaap
> 
>