Wireshark-dev: Re: [Wireshark-dev] Query on Field Registration

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 03 Jul 2008 12:09:11 -0700

Kumar, Hemant wrote:

But what I am actually looking for is when the user goes for setting
subfields type so as to filter messages of his interest, he should
see a  tree structure with subfields beneath the main field.

That is for example for tcp it should not appear as
Tcp.flags.cwr
Tcp.flags.ecn
Tcp.flags.urg
Tcp.flags.ack and so on rather it should appear as

Tcp+
    Flags+
            cwr
            ecn
            urg
          ack

By clicking on the + the subtree should appear

"Appear" where? Presumably not in the protocol tree, because that's how it *does* appear there. It sounds as if you mean in the "Filter Expression" dialog box.

So I don't want to register fields like ged125.service_control rather
just register Service control which is going to be common to several
other messages separately and then relate it to those messages in the
dissect_function()while feeding the information from tvb_buffer in to
the field. Ofcourse , this is possible but then in the expression window
simply appears service_control and ged125+
                                                        Service_control.

Please shed some light on this aspect whether it is possible to this is wireshark.

It's not.

We could probably have the code that constructs the tree view in the "Filter Expression" dialog box check, if there's a field "foo.bar.bletch", whether there's a "foo.bar" field, and, if so, put "foo.bar.bletch" into a tree under "foo.bar" rather than at the top level.