Hi Hemant,
As far as I know nesting of header fields is not possible... check out
epan/proto.h where the field info structures are defined. What you
could do is something like have:
hf_message_type
hf_field1
hf_field2
Then, the display filter would be "message.type==1 && field1.value==X"
or "message.type==2 && field1.value==X). You can then (in the protocol
tree) next the fields under message types by using subtrees... This is
done for the protocol I am most familiar with (SMPP) and you can check
in packet-smpp.c how the common DCS field is handled in a submit_sm
and a data_sm.
HTH
Abhik
On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <kumarh@xxxxxxxxxxxx> wrote:
> Hello
>
> Another query that has surfaced up while doing the design for dissector module is , whether there is a concept of tree and subtree while registration of the fields?
>
> Actually, I have a set of messages and all of them have a common field which again contains subfields. So under the current situation for registration of fields
>
> I have to register the same field again and again for different messages with different names like
>
>
>
> Message1.field1.field2
>
> Message2.field1.field2 and so .
>
>
>
> So that in the expression window user should not get confused with a common parameter for all the messages.
>
>
>
> Is there any way out so that in the expression window when the user wants to set some parameter for field2 so as to collect only message 1 , he should be able to see a tree under message1 and and then again a subtree for field1 ,whose branch contains a set of parameters including field2 and so on and appropriately set the required parameter for a particular message.
>
> If there is a way out then I will be able to share a common dissect function for a particular field tyoe across all the messages otherwise I have to register
>
> Customized fields for various messages and also have to write customized dissectors with the customized variables for particular message type.In this way
>
> For the same field in different messages I have to write several instances of the same function containing different names of the fields and subfield which are actually the one and same.
>
>
>
> Any help will be highly appreciated.
>
>
>
> Thanks
>
> Hemant
>
>
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> Sent: Wednesday, July 02, 2008 11:09 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Query on Field Registration
>
> Kumar, Hemant wrote:
>
>> I just wanted to put up one query regarding field registration in
>> packet-xx.c .Is there any limit on the number of fields which we can
>> register?
>
> No.
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
