I am writing a dissector for a protocol where a packet
contains several different kinds of internal msgs and has 0-N instances of each
kind of internal message. I am trying to figure out the best way to set up the
etts. (I am new to writing dissectors so maybe I am thinking about it all
wrong)
So within a packet there are message of Type (A,B,C)
Just for a simple example A has 2 ints, B has 2 floats, C
has one int
In this example packet we receive 2 A’s, 1 Bs, and 0 C’s
(keep in mind the next packet might be 5 A’s ,0 B’s , 3C’s)
So a given tree might look like this
Protocol
+-A
| +-A[0]
| | + -int 1 = 1
| | +- int 2 = 2
| +-A[1]
| | + -int 1 = 3
| | +- int 2 = 4
+-B
+-B[0]
+- float 1 = 5.0
+- float 2 = 6.0
Keep in mind the index for A and B are irrelevant to the
data inside them…so int 1 and int 2 might form an “ID” for
the A data and float 1 might form an “ID” for the B data.
Sorry to talk in abstract I am just trying to not muddle the
problem by bringing in my particular Object Model.
For now I have an ett value for A, and for B so if you
expand just A[0] as you click the other packets youll expand all A[*] trees. It’s
a little ugly especially when lists get long. Does any one know of a good
example that solves this kind of problem? Am I doing something really dumb?
Thanks,
Jim
