Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Problem with proto_tree_add_item

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Gerhard Gappmeier <gerhard.gappmeier@xxxxxxxxxxx>
Date: Mon, 5 Feb 2007 09:19:11 +0100
Hi Guy,

I think this is a good solution.
This way I can avoid to write a parser function for each field name and can 
keep the "type-parser".
Generating all the hf register entries is not a bidg deal.

thanks,
Gerhard.

On Thursday 01 February 2007 19:42, Guy Harris wrote:
> Gerhard Gappmeier wrote:
> > The problem is, that I want to output the field name, and not the type
> > of a field.
> > Is there a way to do that with /hf_register_info/?
>
> Yes.  The first element of a header_field_info structure is the name of
> the field, and that's what's used in the display string when
> proto_tree_add_item() enters an instance of a field into the protocol tree.
>
> I would suggest, therefore, that you *NOT* create registered fields
> corresponding to the basic types, because that means that all fields of
> a given type have the same name.  Instead, create registered fields
> corresponding to protocol fields with those types, e.g.:
>
> 	static hf_register_info hf[] =
> 	{
> 		{ &hf_opcua_isforward,
> 		{  "IsForward", "isforward", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "", HFILL
> } },
>
> 			...
> 	};
>
> and have the parsers for simple types take, as arguments, the hf index
> value of the field, not its name:
>
> 	/* Simple Type Boolean */
> 	static void parseBoolean(proto_tree *tree, tvbuff_t *tvb, gint
> *pOffset, int hf)
> 	{
> 		proto_tree_add_item(tree, hf, tvb, *pOffset, 1, TRUE);
> 		*pOffset+=1;
> 	}
>
> That also means that you could look for all packets with IsForward true
> with a filter such as
>
> 	opcua.isforward == 1
>
> (just "opcua.isforward", without a relational operator, checks for all
> packets that have an "opcua.isforward" field, regardless of its value).
>   You can't do that if you use the same field for all Boolean types.
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev

-- 
mit freundlichen Grüßen / best regards
 
Gerhard Gappmeier
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube