This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am writing a dissector for a custom protocol with pdus containing repetitive structures (the number of each structure is determined by a previous field whose value can be > 2000), possibly composed of other structures (think as "area descriptions" containing polylines / polygons, circles, ...)

I need to display each of these structures as a subtree, containing other subtree if needed, and I understand that I must register a variable for each of them (> 2000 variables) with proto_register_subtree_array. Am I right ?

I do not need to retain the state (expanded or collapsed) of the tree for these structures, I just need the same default behavior for them when I first look at a packet (all expanded or all collapsed). Is there a way to do it without creating a lot of variables (register "less" element in proto_register_subtree_array ? Use proto_item_add_subtree with a value that has not been registered before ?, ...) ?

How do you proceed when you need to dissect repeating structures ? Are there any best practices ?

Thank you all for your advice(s) !

asked 14 Apr '16, 08:36

hpa's gravatar image

hpa
16448
accept rate: 0%


You can re-use the same ett_xxx variable for each subtree, this just records the expanded\collapsed state of the subtree, so all that use the same variable will expand\collapse together.

This is quite common in telemetry protocols, e.g. where a field device contains lots of data objects representing physical values such as analog and digital values. One such dissector is packet-dnp.c, but that is a very complex protocol so might not be the best example. The code to look at there is in dnp3_al_process_object() around the for() loop which loops over each data object (or point) and adds a subtree for it (held in point_tree) along with the appropriate data.

permanent link

answered 14 Apr '16, 09:03

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

I did that (reusing the same ett for each subtree type), and it's ok.

Thank you !

(29 Apr '16, 08:59) hpa
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×16
×5

question asked: 14 Apr '16, 08:36

question was seen: 1,480 times

last updated: 29 Apr '16, 10:18

p​o​w​e​r​e​d by O​S​Q​A