Gerhard Gappmeier wrote:
The problem is, that I want to output the field name, and not the type
of a field.
Is there a way to do that with /hf_register_info/?
Yes. The first element of a header_field_info structure is the name of
the field, and that's what's used in the display string when
proto_tree_add_item() enters an instance of a field into the protocol tree.
I would suggest, therefore, that you *NOT* create registered fields
corresponding to the basic types, because that means that all fields of
a given type have the same name. Instead, create registered fields
corresponding to protocol fields with those types, e.g.:
static hf_register_info hf[] =
{
{ &hf_opcua_isforward,
{ "IsForward", "isforward", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "", HFILL }
},
...
};
and have the parsers for simple types take, as arguments, the hf index
value of the field, not its name:
/* Simple Type Boolean */
static void parseBoolean(proto_tree *tree, tvbuff_t *tvb, gint
*pOffset, int hf)
{
proto_tree_add_item(tree, hf, tvb, *pOffset, 1, TRUE);
*pOffset+=1;
}
That also means that you could look for all packets with IsForward true
with a filter such as
opcua.isforward == 1
(just "opcua.isforward", without a relational operator, checks for all
packets that have an "opcua.isforward" field, regardless of its value).
You can't do that if you use the same field for all Boolean types.
