This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Usage of proto_tree_add_item_ret_string() and WMEM

0
1

Hi,

I've been trying to use the following function to add some decoded text to a colum with the col_add_fstr() function.

WS_DLL_PUBLIC proto_item * proto_tree_add_item_ret_string(proto_tree *tree, int hfindex, tvbuff_t *tvb, const gint start, gint length, const guint encoding, wmem_allocator_t *scope, const guint8 **retval);

I've read README.wmem, but still, I don't understand how to simply return the decoded string.

asked 22 Feb '16, 02:14

_michel's gravatar image

_michel
11346
accept rate: 0%

2 Answers:

2

The rdp dissector uses the function, around line 2161 if that helps.

You haven't really described your issue, please amend your question to show how you're attempting to call the function from your code.

answered 22 Feb '16, 02:25

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

edited 09 Feb '17, 06:49

Thank you, it works. In case someone is interested, I paste here the relevant lines :

static int
dissect_rdp_cr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)
{
    ...
    const guint8 *stringval;
    ...
    proto_tree_add_item_ret_string(tree, hf_rdp_rt_cookie, tvb, offset,
                                   linelen, ENC_ASCII|ENC_NA,
                                   wmem_packet_scope(), &stringval);
    ...
}

with the following declaraction in wmem_scopes.h

WS_DLL_PUBLIC
wmem_allocator_t *
wmem_packet_scope(void);
(22 Feb '16, 07:41) _michel

0

I don't understand how to simply return the decoded string.

How long do you need the string to last? That determines the scope to pass to proto_tree_add_item_ret_string(). If you only need it to use within the dissector call, wmem_packet_scope() is, in fact, the right answer. If its value needs to persist past the end of dissection, you'd need a different scope.

answered 22 Feb '16, 16:59

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

edited 22 Feb '16, 17:00

I don't know exactly, I just need it to be displayed in the column info. Since I don't know what and when is being freed by Wireshark, I can't tell the scope I need.

I've looked in README.wmem but I don't have the necessary experience to choose between packet, file or epan pool. Off the top of my head, I'd say that packet pool, hence wmempacketscope(), is ok. I'd need a clear example to understand the limitations of each pool.

(22 Feb '16, 23:55) _michel

I just need it to be displayed in the column info.

Then you'll probably be doing col_add_str() or col_add_fstr(); neither of those routines keep copies of the string pointers passed to them, so they could be freed at any point, and wmem_packet_scope() would suffice.

(23 Feb '16, 15:12) Guy Harris ♦♦