Well, I'm not entirely sure what you're trying to do and don't really have the
time to dig into it, but let me give it a quick shot using your "time" example
below ...
It looks like maybe you're trying to add a time field of some length starting
at offset 0 from your tvbuff. If it's just a string, either NULL-terminated or
with a preceding length field, you might be able to use either
proto_tree_add_string(), or proto_tree_add_item() but just set your hf's FT_
appropriately, i.e., FT_STRING, FT_STRINGZ, or FT_UINT_STRING. Or maybe you
can make use of proto_tree_add_time() with your hf_'s FT_ set to
FT_ABSOLUTE_TIME or FT_RELATIVE_TIME. I have no idea what the format of your
time field is so I don't know which one, if any of these, would work best for
you. Take a look at epan/ftypes/ftypes.h for a complete list of the FT_'s ...
and as always, the README.developer lists them all too, along with a
description, and again, there are plenty of examples of dissectors using all
these types in epan/dissectors/packet-xyz.c.
As a quick example, let me assume your time field is just a Pascal-style string
containing a single byte that indicates the length of the string, followed by
the string itself. The following pseudo-code is a rough example of how you
might add it to your tree and have it be a filterable field:
static int hf_icom_time = -1;
dissect_icom(...) {
...
proto_tree_add_item(icom_message_tree, hf_icom_time, tvb, 0, 1, FALSE);
...
}
...
{ &hf_icom_time,
{ "Timestamp", "icom.time", FT_UINT_STRING, BASE_NONE,
NULL, 0x00, "", HFILL }
},
...
That's pretty much it. OK, so maybe you have to massage the string first
through your _GetMsgTime() function. No problem, maybe the
proto_tree_add_string_format() function call is worth a look. There are other
proto_tree_add_xyz_format() calls as well that might also be of interest to you.
Not sure if that helps or not, but that's all I have time for today :)
- Chris
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, March 31, 2009 4:20 PM
> To: Developer support list for Wireshark
> Cc: Maynard, Chris
> Subject: Re: [Wireshark-dev] Filtering
>
> I have read through both of those, though i probably should do it again
> now that i know more. But maybe I'm just confused on how the others are
> outputted. right now i add to the tree with:
>
> time = (_GetMsgTime)();
> pi = proto_tree_add_text(icom_message_tree, tvb, 0, 0, "Time: %s",
> time);
>
> where time is a char *. in the other proto_tree_add_'s, does it go to
> the hf_icom_* in proto register? and output from there? That's how i
> output the first message:
>
> { &hf_icom_bnp_type,
> { "ICom BNP Type", "icom.type",
> FT_UINT8, BASE_DEC,
> VALS(bnp_type_names), 0x0,
> NULL, HFILL }
> },
>
> would there be a way to put my function somewhere in these calls? such
> as:
>
> { &hf_icom_message,
> {"Message", "icom.message",
> FT_UINT16, BASE_DEC,
> (function call here?), 0x0,
> NULL, HFILL }
> }
>
> or maybe in a value_string? all functions return a char * or int as
> their only types. Maybe i dont have a very understanding of how the
> proto_tree_add and hf[] array works and all.
>
> Greg
>
> ---- "Maynard wrote:
>
> =============
> I would suggest reading through doc/README.developer and
> epan/proto.[h|c] and choosing the best proto_tree_add_xyz() call that
> meets your needs. Maybe something like proto_tree_add_bytes() or
> proto_tree_add_item() will work for you, I don't know. There are quite
> a number of them to choose from, so I'm pretty sure you'll find one
> that works for you. And don't forget to look at other dissectors in
> epan/dissectors/ for some helpful examples.
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
