This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Howto Add Arbitrary Items to the Tree Structure in Dissector?

0

I would like to add the following nodes to the tree structure in Wireshark in my dissectors code:

  • Node1
  • Node2
    • Node3
    • Node4
      • Node5
  • Node6

I know this would be accomplished through the dissect proto function, but I cannot figure out how to add nodes and set the text arbitrarily (totally independent of the data getting handed into my dissector).

I realize this is not quite how this is supposed to be used, but due to the nature of what I am doing, the actual conversion function (raw data to XML) is already done inside a DLL file. It works, we use it for other things, and I don't really want to attempt to incorporate that mess into my dissector. I wrote a C XML parser already since the DLL outputs an XML c string, so all i want to do at this point is take that XML file (which is inherently a tree structure already) and display it in wireshark.

If you could provide a small example to add the tree structure I gave above that would be amazing.

Thank you for your time, Brandon

asked 25 Jul '11, 05:45

officialhopsof's gravatar image

officialhopsof
318812
accept rate: 100%

edited 25 Jul '11, 05:48


2 Answers:

1

The function proto_tree_add_text is what you are looking for. You could probably do what you need something like this:

//create a tvb over your xml string data
tvbuff_t *xmltvb = tvb_new_real_data(xml_data_as_string, number_xml_characters, number_xml_characters);
...
//add a text item to your tree
xml_tree_item = proto_tree_add_text(parent_tree_node, xmltvb, start_index, length, "%*s", length, xml_data_as_string);

You may even be able to skip creating a new tvbuff_t if your data is already present in the tvb you are dissecting.

answered 25 Jul '11, 06:40

multipleinterfaces's gravatar image

multipleinte...
1.3k152340
accept rate: 12%

multipleinterfaces: that is exactly what I needed, thanks!

(25 Jul '11, 08:06) officialhopsof

0

You add a subtree by using proto_item_add_subtree() that gets you a new tree that you can then add items to in a similar way to the tree originally handed in to your dissector.

See README.developer in the doc directory of the source.

answered 25 Jul '11, 06:28

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%