Wireshark-dev: Re: [Wireshark-dev] Problem with proto_tree_add_item

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 01 Feb 2007 10:42:32 -0800

Gerhard Gappmeier wrote:

The problem is, that I want to output the field name, and not the type of a field.

Is there a way to do that with /hf_register_info/?

Yes. The first element of a header_field_info structure is the name of the field, and that's what's used in the display string when proto_tree_add_item() enters an instance of a field into the protocol tree.

I would suggest, therefore, that you *NOT* create registered fields corresponding to the basic types, because that means that all fields of a given type have the same name. Instead, create registered fields corresponding to protocol fields with those types, e.g.:

	static hf_register_info hf[] =
	{
		{ &hf_opcua_isforward,
		{  "IsForward", "isforward", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "", HFILL }
		},

			...
	};

and have the parsers for simple types take, as arguments, the hf index value of the field, not its name:

	/* Simple Type Boolean */

static void parseBoolean(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hf)

	{
		proto_tree_add_item(tree, hf, tvb, *pOffset, 1, TRUE);
		*pOffset+=1;
	}

That also means that you could look for all packets with IsForward true with a filter such as

	opcua.isforward == 1

(just "opcua.isforward", without a relational operator, checks for all packets that have an "opcua.isforward" field, regardless of its value). You can't do that if you use the same field for all Boolean types.