Wireshark-dev: Re: [Wireshark-dev] Dissector array display
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Sep 2009 01:08:47 -0600

On Sep 29, 2009, at 3:50 PM, Gregory Seidman wrote:


I'm trying to write a dissector for a protocol that includes a list of
entries. The entries each have the same set of fields, but there can be an arbitrary number of entries in a packet. How do I set things up to display the entries? Should I just add a subtree for each packet and add the same set of fields to each one? Is there some way to actually express an array?
You can use a loop that goes over the same code over and over since the fields are the same. I put such a feature in the VNC dissector (http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-vnc.c?view=markup ) and I'm sure there are other dissectors that do this. In the VNC dissector, one place to look is the vnc_rre_encoding() function where it retrieves the number of sub rectangles with this line: 

	num_subrects = tvb_get_ntohl(tvb, *offset);
Then proceeds with a for loop:

	for(i = 1; i <= num_subrects; i++) {

Steve