Howto Add Arbitrary Items to the Tree Structure in Dissector?

Question

I would like to add the following nodes to the tree structure in Wireshark in my dissectors code:

Node1
Node2

Node3
Node4

Node5

Node6

I know this would be accomplished through the dissect proto function, but I cannot figure out how to add nodes and set the text arbitrarily (totally independent of the data getting handed into my dissector).

I realize this is not quite how this is supposed to be used, but due to the nature of what I am doing, the actual conversion function (raw data to XML) is already done inside a DLL file. It works, we use it for other things, and I don't really want to attempt to incorporate that mess into my dissector. I wrote a C XML parser already since the DLL outputs an XML c string, so all i want to do at this point is take that XML file (which is inherently a tree structure already) and display it in wireshark.

If you could provide a small example to add the tree structure I gave above that would be amazing.

Thank you for your time, Brandon

Accepted Answer

The function proto_tree_add_text is what you are looking for. You could probably do what you need something like this:

//create a tvb over your xml string data
tvbuff_t *xmltvb = tvb_new_real_data(xml_data_as_string, number_xml_characters, number_xml_characters);
...
//add a text item to your tree
xml_tree_item = proto_tree_add_text(parent_tree_node, xmltvb, start_index, length, "%*s", length, xml_data_as_string);

You may even be able to skip creating a new tvbuff_t if your data is already present in the tvb you are dissecting.

Answer 2

You add a subtree by using proto_item_add_subtree() that gets you a new tree that you can then add items to in a similar way to the tree originally handed in to your dissector.

See README.developer in the doc directory of the source.