On 10/28/06, prashanth joshi <[EMAIL PROTECTED]> wrote: > Hi, > Suppose the tvb contains a structure and we are supposed to add the > structure elements one by one in to the display tree. > Suppose the structure has the following elements: > char > int > char > int. > Now my thinking is , > We can not add directly the first item ie char item in to the display > tree(using the proto_tree_add_item specifying offset and the length to be > added as 1) and then again we can not add directly the second item ie int > in to the display tree ( this time offset + 1 and then the length to be > added as 4 ) and so on....... > The reason for my thinking is: > The structures are padded. So the tvb may actually be containing > char 4 bytes > int 4 bytes > char 4 bytes > int 4 bytes > And then I feel structue padding is platform dependent. > Hence I feel it should be correct first to memcpy the contents using > tvb_memcpy from the tvb to a dynamically allocated object. Because i feel > the tvb_memcpy takes care of the platform independece issues. And then i > feel we can add the structure elements one by one using the > proto_tree_add_item(offset , length to be added as 1 ) > and then using, proto_tree_add_item(offset + 1, length to be added as 4).
You do not want to use tvb_memcpy to copy the tvbuff's data onto a struct... you still have the padding issue. The tvb code does not know anything about the architecture of the host computer, the assumptions of the protocol, or the compiler used to compile Wiershark (which can have its own idea of what padding means). You need to either grab each field with a tvb_get_*() function and use the proto_tree_add_uint() and proto_tree_add_string() functions, or use proto_tree_add_item(), which will pull the field from the tvbuff for you, based on the "header_field_info" definition for your field. Of course, you can combine the two strategies. > Is my assertion about this structure padding and tvb_memcpy correct? > That is when ever we get a structure in tvb we should not directly add its > elements directly to the display tree but we should first memcpy the > contents of the tvb using tvb_memcpy, to an alllocated structure object and > then we should add the elements one by one in to the display tree? > Or is this just an imagination of mine.........? You're right about directly copying... but you should realize that tvb_memcpy() is direct copying, too. --gilbert _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
