This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How should I register a subtree type when I can’t predetermine the number of types of subtree?

0

Hi, folks, sorry for the probably confusing title.

I'm dissecting a packet that consists of TLV(type, length, value) units. each TLV unit is composed of three parts, a type field, length field, and a value field of variable length as specified in length field. The value field may contain primitive data or another TLV unit, and so on so forth.

As I understand, I need to maintain one distinct integer to register for every type of subtree that I have(which I later pass to proto_item_add_subtree()).And since these types need to be registered in register_dissector(), I have to predetermine the number of subtree types that I would need. Different subtrees can share same type, and they would be expanded/folded simultaneously. For my purpose, I think I need more than one type because I don't want users to expand a huge tree everytime they try to view one TLV unit. I would need one type, at least for every level subtree in the hierarchy. Since I can't predetermined the how deep the hierarchy would be, I'm stuck. Of course I could make an array that's supposedly large enough (say 16), but that doesn't seem to be a proper and efficient way.

Maybe I have some misunderstanding, what is the proper way to handle this?

Thank you

asked 25 Jul '17, 22:44

nickzhang's gravatar image

nickzhang
16448
accept rate: 0%

edited 25 Jul '17, 22:58


2 Answers:

0

There's a slight misunderstanding I guess. Subtrees come of tree items, where tree items are the node you create while parsing your packet. proto_tree_add_item() returns such a tree item. Have a look at other dissectors that use these calls. Oh, and you can use a subtree registration multiple times.

answered 25 Jul '17, 22:59

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

0

There are a number of TLV-based protocol dissectors out there, you might want to take a look at how some of them do it.

One example that comes to mind is the Diameter dissector. It reads the possible tags from XML files and generates an ett_ value for every grouped AVP (an TLV whose value is one or more TLVs). That way if the user expands, say, the subtree that contains AVP (TLV) X then all instances of X will be expanded but instances of all other AVPs (TLVs) would not.

Presuming that you know which TLVs can contain other TLVs that's probably a reasonable way to go.

answered 26 Jul '17, 06:58

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%