Kumar, Hemant wrote:
Thanks Martin and Abhik!! For the replies.
But what I am actually looking for is when the user goes for setting subfields type so as to filter messages of his interest, he should see a tree structure with subfields beneath the main field.
That is for example for tcp it should not appear as
Tcp.flags.cwr
Tcp.flags.ecn
Tcp.flags.urg
Tcp.flags.ack and so on rather it should appear as
Tcp+
Flags+
cwr
ecn
urg
ack
By clicking on the + the subtree should appear
That's not (currently) possible in the Expression UI.
So I don't want to register fields like ged125.service_control rather
Just register Service control which is going to be common to several other messages separately and then relate it to those messages in the dissect_function()while feeding the information from tvb_buffer in to the field. Ofcourse , this is possible but then in the expression window
simply appears service_control and ged125+
Service_control.
Please shed some light on this aspect whether it is possible to this is wireshark.
No, you would have to create many hf_ entries, one for each message +
parameter combination. (Personally I think that design would constrain
the power of the filter mechanism but I don't know what you're doing.)
