Wireshark
the world's foremost network protocol analyzer
Wireshark-dev: Re: [Wireshark-dev] Query on Field Registration
From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Thu, 3 Jul 2008 10:25:36 +0400
Hi Hemant, As far as I know nesting of header fields is not possible... check out epan/proto.h where the field info structures are defined. What you could do is something like have: hf_message_type hf_field1 hf_field2 Then, the display filter would be "message.type==1 && field1.value==X" or "message.type==2 && field1.value==X). You can then (in the protocol tree) next the fields under message types by using subtrees... This is done for the protocol I am most familiar with (SMPP) and you can check in packet-smpp.c how the common DCS field is handled in a submit_sm and a data_sm. HTH Abhik On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <kumarh@xxxxxxxxxxxx> wrote: > Hello > > Another query that has surfaced up while doing the design for dissector module is , whether there is a concept of tree and subtree while registration of the fields? > > Actually, I have a set of messages and all of them have a common field which again contains subfields. So under the current situation for registration of fields > > I have to register the same field again and again for different messages with different names like > > > > Message1.field1.field2 > > Message2.field1.field2 and so . > > > > So that in the expression window user should not get confused with a common parameter for all the messages. > > > > Is there any way out so that in the expression window when the user wants to set some parameter for field2 so as to collect only message 1 , he should be able to see a tree under message1 and and then again a subtree for field1 ,whose branch contains a set of parameters including field2 and so on and appropriately set the required parameter for a particular message. > > If there is a way out then I will be able to share a common dissect function for a particular field tyoe across all the messages otherwise I have to register > > Customized fields for various messages and also have to write customized dissectors with the customized variables for particular message type.In this way > > For the same field in different messages I have to write several instances of the same function containing different names of the fields and subfield which are actually the one and same. > > > > Any help will be highly appreciated. > > > > Thanks > > Hemant > > > -----Original Message----- > From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris > Sent: Wednesday, July 02, 2008 11:09 AM > To: Developer support list for Wireshark > Subject: Re: [Wireshark-dev] Query on Field Registration > > Kumar, Hemant wrote: > >> I just wanted to put up one query regarding field registration in >> packet-xx.c .Is there any limit on the number of fields which we can >> register? > > No. > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-dev > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-dev >
- Follow-Ups:
- Re: [Wireshark-dev] Query on Field Registration
- From: Martin Corraine (mcorrain)
- Re: [Wireshark-dev] Query on Field Registration
- References:
- [Wireshark-dev] Query on Field Registration
- From: Kumar, Hemant
- Re: [Wireshark-dev] Query on Field Registration
- From: Guy Harris
- Re: [Wireshark-dev] Query on Field Registration
- From: Kumar, Hemant
- [Wireshark-dev] Query on Field Registration
- Prev by Date: Re: [Wireshark-dev] Header file of FIX Protocol
- Next by Date: Re: [Wireshark-dev] Query on Field Registration
- Previous by thread: Re: [Wireshark-dev] Query on Field Registration
- Next by thread: Re: [Wireshark-dev] Query on Field Registration
- Index(es):