Ask Your Question
0

proto_tree_add_format_text in plugins

asked 2020-04-23 17:41:43 +0000

byteit101 gravatar image

I was experimenting with creating a new plugin, and wanted to start off by making a few modifications to a copy of the http dissector. However, it seems to use proto_tree_add_format_text, which is not exported for plugins. Is there a simple replacement for this method? Or a workaround that doesn't get too invasive? I have no idea what the 3 invocations are used for, and reverting them to be proto_tree_add_text calls, and then attempting to call the perl upgrade script doesn't change anything.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-04-23 20:24:07 +0000

grahamb gravatar image

updated 2020-04-23 21:29:23 +0000

That function isn't exported for use in plugins, only because no one has needed it yet.

In epan/proto.h, modify the declaration of the function to have "WS_DLL_PUBLIC" in front of it, e.g.

WS_DLL_PUBLIC proto_item *
proto_tree_add_format_text(proto_tree *tree, tvbuff_t *tvb, gint start, gint length);

and rebuild. This could be contributed back to Wireshark if you care to submit a patch.

edit flag offensive delete link more

Comments

1

While we're at it, we should probably go over the remaining calls to proto_tree_add_format_text() in the existing code and try to replace them, as that call creates protocol tree items with which no named field is associated, meaning that you can't report them with -T fields, can't use them in packet-matching expressions (display filters, coloring rules, etc.), ....

Guy Harris gravatar imageGuy Harris ( 2020-04-23 21:52:13 +0000 )edit

And clean up sneaky packet-isakmp.c's use of hf_text_only.

Jaap gravatar imageJaap ( 2020-04-24 09:19:48 +0000 )edit

And clean up sneaky packet-isakmp.c's use of hf_text_only.

Done in https://code.wireshark.org/review/c/3....

We should probably add a proto_item_is_text_only() routine in epan/proto.c, have the code outside epan/proto.c that looks at hf_text_only to call that routine instead, and stop exporting hf_text_only, keeping it static to epan/proto.c.

Guy Harris gravatar imageGuy Harris ( 2020-04-24 22:19:11 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-04-23 17:41:43 +0000

Seen: 514 times

Last updated: Apr 23 '20