The simplest approach for you would be to create 2 hf_ fields, a "field name" field and a "value" field (both FT_STRING).
Not sure if you'd want them consecutively in the same tree or if the "value" would be a subtree off of the "field name".
The "field name" field could be proto_tree_add_string_format similar to your proto_tree_add_text example below, and then you'd need another proto_tree_add_string for the "value" field. You could "hide" the value field with the PROTO_ITEM_SET_HIDDEN macro, but that's a generally discouraged practice.
However, I doubt your protocol is just a loop around a single proto_tree_add_text call of field/value pairs. If your dissector has knowledge of values, arrays, submessages, etc., you probably want to pass that information along to the user so he can search through a capture to find such things. You may want to consider using the convert_proto_tree_add_text.pl script (in tools directory) to help convert your proto_tree_add_text calls into filterable fields. That can save you a bunch of typing, but you still need to verify with names/filters for all of the fields.
-----Original Message-----
From: marko <marko@xxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Sat, Jun 18, 2016 11:58 am
Subject: [Wireshark-dev] Adding dynamic fields to tree from dissector
Hi.
I have read the Developer Manual, README.dissector and looked into a few
examples, but could not find an answer to my question.
I have a dissector for a custom protocol, that is basically 4 bytes
length, 4 bytes msg_id and rest is packed protocol buffers message.
I am unpacking this protocol buffers message inside dissector and
would like to construct nice tree structure that represents this
message.
In wireshark 1.x I could do this easily using something like
proto_tree_add_text(gpbs_tree, tvb, 0, 0, "%s: %s", f->name, *(char **)m);
where gpbs_tree is my subtree that represents a message.
But in wireshark 2.x the function proto_tree_add_text does not exist.
There is a similar function proto_tree_add_string_format, but second
parameter there is a hf_* field id.
As far as I understand, wireshark would like me to register all
possible fields in the beginning so I would have this hf_* for all
possible fields.
But that is very, very difficult, because my protocol buffers message can be
anything at all. Different values, array, submessages, etc...
What should I do in that case?
How do I construct nice tree without knowing what my field types are
before I receive network packet?
Thanks!
Marko.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:
https://www.wireshark.org/lists/wireshark-dev
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
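
Added example, not part of the original thread or of Wireshark's code: a schema-less walk over the frame described in the question (4-byte length, 4-byte msg_id, protobuf payload) that yields the name/value string pairs the reply's two generic FT_STRING fields would carry, with bounds checks on every length read from the packet. Assumptions: big-endian header, length counts only the payload, `gpb_pair`, `gpb_flatten` and the `field_N` names are hypothetical, only wire types 0 and 2 are handled, and Wireshark API calls are left out so it compiles stand-alone.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { char name[24]; char value[32]; } gpb_pair; /* hypothetical type */

/* Constructed sample: length=7, msg_id=42, then field 1 = 150, field 2 = "hi". */
static const uint8_t sample_frame[] = { 0,0,0,7, 0,0,0,42, 0x08,0x96,0x01, 0x12,0x02,'h','i' };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Base-128 varint; returns bytes consumed, or 0 if truncated or longer than 10 bytes. */
static size_t read_varint(const uint8_t *p, size_t len, uint64_t *out) {
    uint64_t v = 0;
    for (size_t i = 0; i < len && i < 10; i++) {
        v |= (uint64_t)(p[i] & 0x7f) << (7 * i);
        if (!(p[i] & 0x80)) { *out = v; return i + 1; }
    }
    return 0;
}
/* Returns the number of pairs written to out, or -1 on malformed input.
 * Assumed framing: big-endian, length counts only the protobuf payload. */
int gpb_flatten(const uint8_t *buf, size_t buflen, uint32_t *msg_id, gpb_pair *out, int max) {
    if (buflen < 8 || be32(buf) > buflen - 8) return -1;   /* length field exceeds capture */
    const uint8_t *p = buf + 8;
    size_t left = be32(buf), used;
    int n = 0;
    *msg_id = be32(buf + 4);
    for (; left > 0 && n < max; n++) {
        uint64_t key, v;
        if (!(used = read_varint(p, left, &key))) return -1;
        p += used; left -= used;
        snprintf(out[n].name, sizeof out[n].name, "field_%u", (unsigned)(key >> 3));
        if (!(used = read_varint(p, left, &v))) return -1;  /* value or length prefix */
        if ((key & 7) == 0) {                               /* wire type 0: varint */
            snprintf(out[n].value, sizeof out[n].value, "%llu", (unsigned long long)v);
        } else if ((key & 7) == 2 && v <= left - used) {    /* wire type 2: shown as text */
            snprintf(out[n].value, sizeof out[n].value, "%.*s",
                     (int)(v < 31 ? v : 31), (const char *)p + used);
            used += (size_t)v;
        } else return -1;                                   /* other wire types not handled */
        p += used; left -= used;
    }
    return n;
}
int main(void) {
    gpb_pair pairs[8]; uint32_t id;
    int n = gpb_flatten(sample_frame, sizeof sample_frame, &id, pairs, 8);
    for (int i = 0; i < n; i++) printf("%s: %s\n", pairs[i].name, pairs[i].value);
    return n < 1 || strcmp(pairs[0].value, "150") != 0;
}
```

In a dissector, each returned pair would map to one "field name" item and one "value" item as the reply describes.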