Wireshark-dev: Re: [Wireshark-dev] plugin proprietary dissector for Wireshark 0.99.3
On Sep 18, 2006, at 10:06 AM, Bill Fassler wrote:
I could use a little more help. The propietary protocol I am working
with has a one byte ID at the ends of both the source and
destination MAC addresses. This Source (SID) or Destination (DID)
ID helps me identify whether the packet was generated by a Master
board or a slave board and also helps me identify the packet type.
I can use a negative offset which causes WireShark to properly
highlight the SID or DID within the packet,
It does? That's a bug - it's *NOT* (by design) supposed to allow you
to access anything prior to the data you've been handed. Negative
offsets are supposed to be relative to the *end* of the data handed to
you. I'll look at fixing that.
Then based on Guy Harris's reply (relevant portion included) to my
last post I tried this:
proto_tree_add_item(vppn_tree, packet_info.dl_dst, tvb, 0, 0,
FALSE);
You can't use proto_tree_add_item() in that fashion.
What you need to do is:
if (packet_info.dl_dst.type == AT_ETHER && packet_info.dl_dst.len ==
6) {
proto_tree_add_uint(vppn_tree, hf_dest_id, tvb, 0, 0,
packet_info.dl_dst.data[5]);
}
