Wireshark-dev: Re: [Wireshark-dev] Building a protocol tree
From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Sun, 11 Mar 2018 06:48:48 -0700
On Sun, Mar 11, 2018 at 5:04 AM, Paul Offord <Paul.Offord@xxxxxxxxxxxx> wrote:
> I need some advice building a protocol tree. I’m trying to build a tree
> like this:
>
> trb - protocol
>
>     Label of “TRB Header”
>         trb.version – uint16
>         trb.format – uint16
>         trb.scheme_index – uint16
>     trb.httpd – Boolean type but also introducing a subtree
>         trb.httpd.host – string
>         trb.httpd.identd – string
>         etc.
>
> I’m happy with creating the hf_register_info array, the problem I am having
> is with the various proto_tree_xxx calls. I currently have this:
>
>     ti = proto_tree_add_item(tree, proto_trb, tvb, 0, -1, ENC_NA);
>     trb_tree = proto_item_add_subtree(ti, ett_trb);
>     tr_header_tree = proto_tree_add_subtree(trb_tree, tvb, tvb_offset, 16,
>                                             ett_trb_header, NULL, "TRB Header");
>
>     /* Add the Version to the tree */
>     proto_tree_add_item(tr_header_tree, hf_id[0], tvb, tvb_offset, 2,
>                         ENC_LITTLE_ENDIAN);
>     tvb_offset += 2;
>
>     /* Add the Format to the tree */
>     proto_tree_add_item(tr_header_tree, hf_id[1], tvb, tvb_offset, 2,
>                         ENC_LITTLE_ENDIAN);
>     tvb_offset += 2;
>
>     /* Add the Scheme Index to the tree */
>     scheme_index = tvb_get_letohs(tvb, tvb_offset);
>     proto_tree_add_item(tr_header_tree, hf_id[2], tvb, tvb_offset, 4,
>                         ENC_LITTLE_ENDIAN);
>     tvb_offset += 2;
>
>     tvb_offset += 2; /* Skip the Reserved field */
>     tvb_offset += 8; /* Skip the Timestamp */
>
>     // ToDo: before processing dsv data we need to add an item for the log
>     // data constructed from the protocol name and the name space e.g.
>     // trb.httpd the subtree label should be name_space Log Data e.g.
>     // httpd Log Data
>     trb_log_data = proto_tree_add_boolean(trb_tree, hf_id[3], tvb, 0, 0, 1);
>
> I’m not sure what I need to do at the end of this block of code to
> successfully define my trb.httpd subtree. The hf info for the last field is
> effectively:

What's wrong with proto_tree_add_subtree or proto_tree_add_subtree_format?

>     { p_id,
>       { "httpd Log Data", "trb.httpd",
>         FT_BOOLEAN, BASE_NONE, NULL, 0x0,
>         "TRUE if TRB in the defined name space", HFILL } }
>
> What am I doing wrong?
>
> Thanks and regards…Paul

--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)