Wireshark-dev: Re: [Wireshark-dev] Query on Field Registration

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Thu, 03 Jul 2008 14:56:34 -0400


Kumar, Hemant wrote:
> Thanks Martin and Abhik!! for the replies.
>
> But what I am actually looking for is when the user goes for setting subfields type so as to filter messages of his interest, he should see a tree structure with subfields beneath the main field.
>
> That is, for example, for tcp it should not appear as
> Tcp.flags.cwr
> Tcp.flags.ecn
> Tcp.flags.urg
> Tcp.flags.ack
> and so on; rather, it should appear as
>
> Tcp+
>     Flags+
>             cwr
>             ecn
>             urg
>             ack
>
> By clicking on the + the subtree should appear

That's not (currently) possible in the Expression UI.

> So I don't want to register fields like ged125.service_control; rather,
> just register Service control, which is going to be common to several other messages, separately and then relate it to those messages in the dissect_function() while feeding the information from tvb_buffer into the field. Of course, this is possible, but then in the expression window
> simply appears service_control and ged125+
>                                         Service_control.
>
> Please shed some light on this aspect, whether it is possible to do this in Wireshark.

No, you would have to create many hf_ entries, one for each message + parameter combination. (Personally I think that design would constrain the power of the filter mechanism but I don't know what you're doing.)