Dissector Header Labels

Hello. I have written a dissector for a subset of a protocol called TC that has two subfields. Let's call this implementation "TC_Subset" and the two fields the Primary and Segment fields. I would like the Wireshark display for the dissection to look like the below, where > and V indicate collapsed and expanded trees, respectively:

> Frame 1
V TC_Subset
  > Primary Header
  > Segment Header

Unfortunately, it currently looks like this:

> Frame 1
V TC_Subset
   > TC_Subset
   > TC_Subset

I think I know why, but I don't know how to fix it. I'll start by showing the relevant areas of code and point out where I think the issue is. I believe it's from a combination of things in the dissect_ and register_ methods.

"dissect_tc" excerpt

static int
dissect_tc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    //OFFSET IS IN OCTETS
    int          offset          = 0;
    proto_item  *tc_packet;
    proto_tree  *tc_tree      = NULL;
    proto_item  *primary_header  = NULL;
    proto_tree  *primary_header_tree;
    proto_item  *segment_header = NULL;
    proto_tree  *segment_header_tree;
    ...additional set up and definitions of things like length, etc...

    /* Set up the base tree */
    tc_packet = proto_tree_add_item(tree, proto_tc_subset, tvb, 0, length, ENC_BIG_ENDIAN);
    tc_tree   = proto_item_add_subtree(tc_packet, ett_tc);

    /* build primary header tree */
    primary_header = proto_tree_add_item(tc_tree, proto_tc_subset, tvb, offset, TC_PRIMARY_HEADER_LENGTH, ENC_NA);
    primary_header_tree = proto_item_add_subtree(primary_header, ett_tc_primary_header);
    ...program tree accordingly...

    /* build segment header tree */
    segment_header = proto_tree_add_item(tc_tree, proto_tc_subset, tvb, offset, TC_SEGMENT_HEADER_LENGTH, ENC_NA);
    segment_header_tree = proto_item_add_subtree(segment_header, ett_tc_segment_header);
    ...rest of method, not related to the problem...

Next, let's look at a small section of register_tc.

"register_tc" excerpt

void
proto_register_tc(void)
{
    static hf_register_info hf[] = ...define all fields for both headers in this one array...

    /* Setup protocol subtree array */
    static gint *ett[] = {
        &ett_tc,
        &ett_tc_primary_header,
        &ett_tc_segment_header
    };

    ...

    /* Register the protocol name and description */
    proto_tc_subset = proto_register_protocol("TC_Subset", "TC_Subset", "tc_subset");

    /* Required function calls to register the header fields and subtrees used */
    proto_register_field_array(proto_tc_subset, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));

Note that in the definition of the primary header and segment header variables, I'm passing in "proto_tc_subset" both times. That's where the label is coming from. I think I need to pass in something else there in order to get the label to be what I'd like to see instead of just repeating "TC_Subset", but I'm not sure how to define such a thing.
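
A tree row takes its label from the registered name of the item passed to the add call, so each header row needs its own label-only field rather than the protocol handle. The sketch below shows that layout with Wireshark's Lua dissector API; it is an added example, not the poster's C code, and the field abbreviations, header lengths and UDP port in it are assumptions.

```lua
-- Added example, not the poster's dissector. Abbreviations, lengths and
-- the UDP port are assumptions; the post does not give the real values.
local tc = Proto("tc_subset", "TC_Subset")

local PRIMARY_LEN = 5   -- assumed size in octets
local SEGMENT_LEN = 1   -- assumed size in octets

-- Label-only fields: the second argument is the text shown on the row.
-- In a C dissector the counterpart is an hf_register_info entry of type
-- FT_NONE / BASE_NONE, whose hf id is passed to proto_tree_add_item().
local f_primary = ProtoField.none("tc_subset.primary", "Primary Header")
local f_segment = ProtoField.none("tc_subset.segment", "Segment Header")

-- Hypothetical leaf fields so each header row has something to expand.
local f_pri_first = ProtoField.uint8("tc_subset.primary.first", "First Octet", base.HEX)
local f_seg_first = ProtoField.uint8("tc_subset.segment.first", "First Octet", base.HEX)

tc.fields = { f_primary, f_segment, f_pri_first, f_seg_first }

function tc.dissector(tvb, pinfo, tree)
    local need = PRIMARY_LEN + SEGMENT_LEN
    -- Truncated frame: decline it rather than reading past the buffer.
    if tvb:len() < need then
        return 0
    end
    pinfo.cols.protocol = "TC_Subset"

    -- Only the top-level row is added with the protocol itself.
    local root = tree:add(tc, tvb(0, need))

    local offset = 0
    local primary = root:add(f_primary, tvb(offset, PRIMARY_LEN))
    primary:add(f_pri_first, tvb(offset, 1))
    offset = offset + PRIMARY_LEN

    local segment = root:add(f_segment, tvb(offset, SEGMENT_LEN))
    segment:add(f_seg_first, tvb(offset, 1))

    return need
end

-- Hypothetical port, used only so the dissector is invoked.
DissectorTable.get("udp.port"):add(40000, tc)
```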