This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

proto_tree_add_text() proper replacement

Tag= tvb_get_guint8(tvb,offset);    
offset++;
dataType = tvb_get_guint8(tvb,offset);
offset++;
value = tvb_get_guint8(tvb,offset);

cmdBodyNode = proto_tree_add_text(header_tree, tvb, startValue, 3, "%s: %d", val_to_str(Tag, Tag_array, "Unknown Tag:(0x%02x)"),value);

proto_tree_add_text(my_child, tvb, startValue++, 1, "DataType: %s", val_to_str(dataType, dataType_array, "Unknown datatype:(0x%02x)"));

How can I replace the above expression with the new add_item() for Wireshark 2.2.6 without changing the representation output?

I have used the convert_proto_tree_add_text.pl file for the conversion, but the output is not as expected. Can anyone explain how to convert the above proto_tree_add_text() function to an alternative function that can replace it?

Output using the convert_proto_tree_add_text.pl Perl script:

/* Generated from convert_proto_tree_add_text.pl */
static int hf_vrs_s = -1;
static int hf_vrs_datatype = -1;

/* Generated from convert_proto_tree_add_text.pl */
{ &hf_vrs_s, { "s", "vrs.s", FT_UINT24, BASE_HEX, VALS(VALS(value_string_array)), 0x0, NULL, HFILL }},
{ &hf_vrs_datatype, { "DataType", "vrs.datatype", FT_UINT8, BASE_HEX, VALS(VALS(dataType_array)), 0x0, NULL, HFILL }},

/* Generated from convert_proto_tree_add_text.pl */
cmdBodyNode = proto_tree_add_item(vrs_header_tree, hf_vrs_%s, tvb, startValue, 3, ENC_NA);
proto_tree_add_item(vrs_child, hf_vrs_datatype, tvb, startValue++, 1, ENC_NA);

asked 02 May ‘17, 22:07

a6mishra

edited 03 May ‘17, 03:05

grahamb ♦

One Answer:

As you have noted, the Perl script does not handle the way this dissector is coded. You will have to do the conversion by hand. The main reason for removing proto_tree_add_text() is to enforce the use of hf variables to facilitate filtering, which is one of the main features of Wireshark. It will be difficult to avoid "changing the representation output". But changing it will actually improve the dissector, in my opinion. For the example above I'd define 3 hf variables, "tag", "datatype" and "value", and just do proto_tree_add_item() for each one of them. As an alternative you can use proto_tree_add_subtree_format(), but that would defy the purpose of removing proto_tree_add_text().

answered 03 May '17, 03:56

Anders ♦