Wireshark-dev: Re: [Wireshark-dev] Custom item not related to the packet
Hi Pasqual,
you're right.
I've fixed it using wmem_alloc().
Thanks everyone
Antonello
Il giorno gio 27 mag 2021 alle ore 09:00 Pascal Quantin <pascal@xxxxxxxxxxxxx> ha scritto:
___________________________________________________________________________Hi AntonelloLe jeu. 27 mai 2021 à 08:54, Antonello Tartamo <antonellotartamo@xxxxxxxxx> a écrit :pt contains 16 bytes I have filled up.I'm telling proto_tree_add_item to read these bytes from offset 0 with length 16.The field is properly shown (correct bytes) in the Packet Details tree but when I select it in the Packet Bytes view the bytes selected are not the same shown in the Packet Details view.I think the real thing to look at (and that you did not share) is the lifetime of the pt buffer. Do you ensure that the memory pointed by this address is still valid when Wireshark tries to display its content in the packet bytes buffer? WIthout seeing this full code part we cannot really help you, but you should ensure that pt is valid during the whole pinfo structure lifetime (by allocating it in the pinfo->pool memory pool for example, see doc/README.wmem file for more details).Hope this helps,Pascal.___________________________________________________________________________Il giorno mer 26 mag 2021 alle ore 15:24 Roland Knall <rknall@xxxxxxxxx> ha scritto:You misunderstood. pt must contain the bytes you want to be inside the subset. It seems, that you collect different bytes for this array as you select for your hf_item selection which is then highlighted in the packet-viewkind regardRoland___________________________________________________________________________Am Mi., 26. Mai 2021 um 14:39 Uhr schrieb Antonello Tartamo <antonellotartamo@xxxxxxxxx>:Hello pt is an array (uint8_t pt[16];).pt is an array generated after processing a part of the packet.As I've created a new tvb the offset is 0 and the length is 16.Hope I've answered your questions.___________________________________________________________________________Il giorno mer 26 mag 2021 alle ore 14:32 Roland Knall <rknall@xxxxxxxxx> ha scritto:The data displayed in the subitem is the one from pt, your data variable which you used to create the new tvb. The hf_item seems to point to a different data structure. How is pt being generated? Are you using the same length and start offset as for the hf item?regardsRoland___________________________________________________________________________Am Mi., 26. Mai 2021 um 08:46 Uhr schrieb Antonello Tartamo <antonellotartamo@xxxxxxxxx>:Hello everyone,___________________________________________________________________________I'm trying to add a custom item which is not strictly related to the packet but it is coming from a processing of a part of the packet.I've used the following instructions:new_tvb = tvb_new_child_real_data(tvb, pt, (guint)16, 16);
add_new_data_source(pinfo, new_tvb, "processed");
ti = proto_tree_add_item(data_tree, hf_mp_control_processed, new_tvb, 0, 16, ENC_NA);
PROTO_ITEM_SET_GENERATED(ti);hf_mp_control_processed is a set of bytes:{ & hf_mp_control_processed ,
{ "mp control processed", "mp.control.processed",
FT_BYTES, BASE_NONE, 0x0, 0x0,
NULL, HFILL }
}The problem is that when I click on this new item into the Packet Details I see the correct byte values, while in the Packet Bytes view these ones are totally wrong.Attached image:For example the first byte is 0x48 but 0x68 is shown in the Packet Bytes view.Is there a different way to perform this operation ?
Thanks in advance
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- [Wireshark-dev] Custom item not related to the packet
- From: Antonello Tartamo
- Re: [Wireshark-dev] Custom item not related to the packet
- From: Roland Knall
- Re: [Wireshark-dev] Custom item not related to the packet
- From: Antonello Tartamo
- Re: [Wireshark-dev] Custom item not related to the packet
- From: Roland Knall
- Re: [Wireshark-dev] Custom item not related to the packet
- From: Antonello Tartamo
- Re: [Wireshark-dev] Custom item not related to the packet
- From: Pascal Quantin
- [Wireshark-dev] Custom item not related to the packet
- Prev by Date: Re: [Wireshark-dev] Custom item not related to the packet
- Next by Date: [Wireshark-dev] Can the OSS-FUZZ tool be modified to generate a pcap test file?
- Previous by thread: Re: [Wireshark-dev] Custom item not related to the packet
- Next by thread: [Wireshark-dev] Windows HTML Help
- Index(es):
- Get Wireshark
- Download
- Code of Conduct