OSQA is unmaintained. Help us figure out where to go from here.

I would like to add the following nodes to the tree structure in Wireshark in my dissectors code:

  • Node1
  • Node2
    • Node3
    • Node4
      • Node5
  • Node6

I know this would be accomplished through the dissect proto function, but I cannot figure out how to add nodes and set the text arbitrarily (totally independent of the data getting handed into my dissector).

I realize this is not quite how this is supposed to be used, but due to the nature of what I am doing, the actual conversion function (raw data to XML) is already done inside a DLL file. It works, we use it for other things, and I don't really want to attempt to incorporate that mess into my dissector. I wrote a C XML parser already since the DLL outputs an XML c string, so all i want to do at this point is take that XML file (which is inherently a tree structure already) and display it in wireshark.

If you could provide a small example to add the tree structure I gave above that would be amazing.

Thank you for your time, Brandon

asked 25 Jul '11, 05:45

officialhopsof's gravatar image

accept rate: 100%

edited 25 Jul '11, 05:48

The function proto_tree_add_text is what you are looking for. You could probably do what you need something like this:

//create a tvb over your xml string data
tvbuff_t *xmltvb = tvb_new_real_data(xml_data_as_string, number_xml_characters, number_xml_characters);
//add a text item to your tree
xml_tree_item = proto_tree_add_text(parent_tree_node, xmltvb, start_index, length, "%*s", length, xml_data_as_string);

You may even be able to skip creating a new tvbuff_t if your data is already present in the tvb you are dissecting.

permanent link

answered 25 Jul '11, 06:40

multipleinterfaces's gravatar image

accept rate: 12%

multipleinterfaces: that is exactly what I needed, thanks!

(25 Jul '11, 08:06) officialhopsof

You add a subtree by using proto_item_add_subtree() that gets you a new tree that you can then add items to in a similar way to the tree originally handed in to your dissector.

See README.developer in the doc directory of the source.

permanent link

answered 25 Jul '11, 06:28

grahamb's gravatar image

grahamb ♦
accept rate: 22%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 25 Jul '11, 05:45

question was seen: 3,211 times

last updated: 26 Jul '11, 01:24

p​o​w​e​r​e​d by O​S​Q​A