[Wireshark-dev] I have a wireshark dissector question

Tue, 12 Apr 2016 07:54:02 -0700 

Dear sir :
        Please excuse me for  I'm taking the liberty of writing to you.   I' m 
a chinese. I have a wireshark dissector question which I would like to ask you. 
 To make my example as plain


 and interesting as possible,  so I use the example of the official website 
:https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html .  



Example 9.12. Enhancing the display.

static void
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    guint8 packet_type = tvb_get_guint8(tvb, 0);

    col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO");
    /* Clear out stuff in the info column */
    col_clear(pinfo->cinfo,COL_INFO);
    col_add_fstr(pinfo->cinfo, COL_INFO, "Type %s",
             val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));

    if (tree) { /* we are being asked for details */
        proto_item *ti = NULL;
        proto_tree *foo_tree = NULL;
        gint offset = 0;

        ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA);
        proto_item_append_text(ti, ", Type %s",
            val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
        foo_tree = proto_item_add_subtree(ti, ett_foo);
        proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1, 
ENC_BIG_ENDIAN);
        offset += 1;
    }
}


1.Suppose there are three packets, then dissect_foo is called many times?  


2. If I click one row in wireshark 's user interface, then dissect_foo  will be 
called many times?


3. How can I debug the code slice:




    if (tree) { /* we are being asked for details */
        proto_item *ti = NULL;
        proto_tree *foo_tree = NULL;
        gint offset = 0;

        ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA);
        proto_item_append_text(ti, ", Type %s",
            val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
        foo_tree = proto_item_add_subtree(ti, ett_foo);
        proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1, 
ENC_BIG_ENDIAN);
        offset += 1;
    }


Thanks ! Looking forward to your reply.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe

Reply via email to