This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, folks, sorry for the probably confusing title.

I'm dissecting a packet that consists of TLV(type, length, value) units. each TLV unit is composed of three parts, a type field, length field, and a value field of variable length as specified in length field. The value field may contain primitive data or another TLV unit, and so on so forth.

As I understand, I need to maintain one distinct integer to register for every type of subtree that I have(which I later pass to proto_item_add_subtree()).And since these types need to be registered in register_dissector(), I have to predetermine the number of subtree types that I would need. Different subtrees can share same type, and they would be expanded/folded simultaneously. For my purpose, I think I need more than one type because I don't want users to expand a huge tree everytime they try to view one TLV unit. I would need one type, at least for every level subtree in the hierarchy. Since I can't predetermined the how deep the hierarchy would be, I'm stuck. Of course I could make an array that's supposedly large enough (say 16), but that doesn't seem to be a proper and efficient way.

Maybe I have some misunderstanding, what is the proper way to handle this?

Thank you

asked 25 Jul '17, 22:44

nickzhang's gravatar image

nickzhang
16448
accept rate: 0%

edited 25 Jul '17, 22:58


There's a slight misunderstanding I guess. Subtrees come of tree items, where tree items are the node you create while parsing your packet. proto_tree_add_item() returns such a tree item. Have a look at other dissectors that use these calls. Oh, and you can use a subtree registration multiple times.

permanent link

answered 25 Jul '17, 22:59

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

There are a number of TLV-based protocol dissectors out there, you might want to take a look at how some of them do it.

One example that comes to mind is the Diameter dissector. It reads the possible tags from XML files and generates an ett_ value for every grouped AVP (an TLV whose value is one or more TLVs). That way if the user expands, say, the subtree that contains AVP (TLV) X then all instances of X will be expanded but instances of all other AVPs (TLVs) would not.

Presuming that you know which TLVs can contain other TLVs that's probably a reasonable way to go.

permanent link

answered 26 Jul '17, 06:58

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×19
×8
×5

question asked: 25 Jul '17, 22:44

question was seen: 715 times

last updated: 26 Jul '17, 06:58

p​o​w​e​r​e​d by O​S​Q​A