On Sun, Oct 15, 2006 at 12:32:48PM +0530, [EMAIL PROTECTED] wrote: > While going through the README.developer file , I was trying to > understand the tree concept but could not grasp much . Can anyone > please provide some inputs to help me understand how the tree nodes > are added and display tree gets built .
Let's go through the steps using a simple dissector as an example, packet-daytime.c (I have included only the relevant code that builds the tree and added comments in this e-mail). First of all, the upper-level protocols generate their own tree. Your dissector is then given the chance to add its own part of the tree: - - - - - - - - - - /* This is how we reference our new tree to add things to it */ proto_tree *daytime_tree; /* This is how we add a new tree to the display by starting with a new * item under the previous tree (such as UDP or TCP) */ proto_item *ti; /* This statement adds an item to the current tree (named tree) with a * new type called proto_daytime. It uses the packet data tvb, starts * at tvb's position 0 and goes until the end of the packet (-1). * FALSE means it is NOT little endian (network traffic is usually big * endian). */ ti = proto_tree_add_item(tree, proto_daytime, tvb, 0, -1, FALSE); /* This statement adds a new tree tied to the item we added above * (note the reference to ti from above) */ daytime_tree = proto_item_add_subtree(ti, ett_daytime); /* This statement adds a new item to our newly created tree, * daytime_tree. The item added is called hf_daytime_string which is * defined at the bottom of this dissector file. Again, it uses packet * data tvb, starts at position 0 and goes to the end of the packet and * is not little endian data */ proto_tree_add_item(daytime_tree, hf_daytime_string, tvb, 0, -1, FALSE); - - - - - - - - - - Does this help? Ask again if you need more details :) Steve _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
