This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Custom Dissector How to Add Multiple TREEs in same protocol


Hi,

I am new to this. I am developing a custom dissector. I have one tree generated, and inside that tree I have many subtrees. Now I have to generate a new tree (not a subtree) (whose payload is from the first tree).

How can I do this? Also, please advise how to get the tvb buffer back to 39 bytes (subtree byte of the first tree).

Any example available?

Thanks

asked 28 May '14, 20:06

umar

edited 28 May '14, 20:14


One Answer:

+-tree1
  +-subtree1a
  +-subtree1b
+-tree2
  +-subtree2a

Now, in tree2, you want to be able to represent data as already shown in tree1/subtree1x.

Assuming you've used a TVB while working on tree1, and made subsets when making subtree1a and subtree1b, the original TVB stays intact. So when you want to create tree2 you can just use the original TVB again.

answered 29 May '14, 06:48

Jaap ♦

    tvb_get_guint8( tvb_b, offsetb );
    offsetb-=39;

    moto_item = proto_tree_add_item(tree_b, proto_moto, tvb_b, 0, -1, FALSE);
    moto_tree = proto_item_add_subtree(moto_item, ett_moto);
    moto_header_tree = proto_item_add_subtree(moto_item, ett_moto);
    offsetb++;

Hi, what's wrong in this code? For the parent tree I have created 3 functions: dissect, handoff, register.

I did the same for this tree also. The data of one of tree 1's subtrees is the input for this 2nd tree. How do I get that? Is there any sample code for me to understand? Could anyone please send it to me?

(29 May '14, 08:40) umar

You'll need to pass the top-level tree item from your first dissector into your second dissector so it can add its subtrees at the same level as the first one.

(29 May '14, 09:19) grahamb ♦

Hi Mr. Graham and Jaap, thanks for your valuable time. I could not understand, as I am new to this. Is there any similar protocol available where I can see the code for reference? Thanks again.

(29 May '14, 10:13) umar
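
What the two replies above describe, as an added example that is not code from the thread: the first dissector leaves its original tvb untouched, takes a 39-byte range for its own subtree, then passes those same bytes together with the top-level tree to a second dissector, which adds a sibling tree. It is written against Wireshark's Lua API rather than C so it can be loaded without rebuilding; the protocol names, the block's offset and UDP port 9999 are assumptions.

```lua
-- Added example. Protocol names, field layout and the UDP port are assumed.
local first  = Proto("first",  "First Protocol (example)")
local second = Proto("second", "Second Protocol (example)")

local f_type  = ProtoField.uint8("first.type",  "Type", base.HEX)
local f_block = ProtoField.bytes("first.block", "Block")
local s_id    = ProtoField.uint8("second.id",   "Id", base.DEC)
local s_data  = ProtoField.bytes("second.data", "Data")
first.fields  = { f_type, f_block }
second.fields = { s_id, s_data }

-- Assumed position of the 39-byte block inside the first protocol.
local BLOCK_OFF, BLOCK_LEN = 1, 39

function second.dissector(tvb, pinfo, root)
    -- This tvb is a new view of the block: its offsets start at 0 again,
    -- so no offset arithmetic on the first dissector's counter is needed.
    local t2 = root:add(second, tvb())      -- tree 2, sibling of tree 1
    t2:add(s_id, tvb(0, 1))                 -- subtree 2a
    if tvb:len() > 1 then
        t2:add(s_data, tvb(1))
    end
end

function first.dissector(tvb, pinfo, root)
    pinfo.cols.protocol = "FIRST"
    local t1 = root:add(first, tvb())       -- tree 1
    t1:add(f_type, tvb(0, 1))               -- subtree 1a

    -- Truncated packet: show what is present and stop.
    if tvb:len() < BLOCK_OFF + BLOCK_LEN then
        return
    end

    -- Taking a range does not alter the original tvb.
    local block = tvb(BLOCK_OFF, BLOCK_LEN)
    t1:add(f_block, block)                  -- subtree 1b

    -- Pass the top-level tree (root), not t1, so the second protocol's
    -- tree is added at the same level as tree 1.
    Dissector.get("second"):call(block:tvb(), pinfo, root)
end

DissectorTable.get("udp.port"):add(9999, first)
```

In a C dissector the same two steps are `tvb_new_subset_length()` on the original tvb and `call_dissector()` with the `tree` argument the first dissector received.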