Wireshark-dev: Re: [Wireshark-dev] Query on Field Registration
From: "Martin Corraine (mcorrain)" <mcorrain@xxxxxxxxx>
Date: Thu, 3 Jul 2008 08:27:44 -0400
Hello Hemant, The ged125 protocol that I'm finishing right now has a lot of sub-messages. I would create a field registration of this message type that has several sub messages below it. So, for instance I can search "ged125.service_control" for all those messages. Now, if I want to search for a particular service control I can search by doing this "ged125.service_control == 20". Below is the field registration. All the various sub-types are in a value_string array. Hope this helps. { &hf_ged125_service_control_MessageSubvalue, { "Message value", "ged125.service_control", FT_UINT32, BASE_DEC, VALS(vals_service_control_message_subvalues), 0x0, "Sub-Service Control Message value", HFILL }} -Martin -----Original Message----- From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Abhik Sarkar Sent: Thursday, July 03, 2008 2:26 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Query on Field Registration Hi Hemant, As far as I know nesting of header fields is not possible... check out epan/proto.h where the field info structures are defined. What you could do is something like have: hf_message_type hf_field1 hf_field2 Then, the display filter would be "message.type==1 && field1.value==X" or "message.type==2 && field1.value==X). You can then (in the protocol tree) next the fields under message types by using subtrees... This is done for the protocol I am most familiar with (SMPP) and you can check in packet-smpp.c how the common DCS field is handled in a submit_sm and a data_sm. HTH Abhik On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <kumarh@xxxxxxxxxxxx> wrote: > Hello > > Another query that has surfaced up while doing the design for dissector module is , whether there is a concept of tree and subtree while registration of the fields? > > Actually, I have a set of messages and all of them have a common field > which again contains subfields. So under the current situation for > registration of fields > > I have to register the same field again and again for different > messages with different names like > > > > Message1.field1.field2 > > Message2.field1.field2 and so . > > > > So that in the expression window user should not get confused with a common parameter for all the messages. > > > > Is there any way out so that in the expression window when the user wants to set some parameter for field2 so as to collect only message 1 , he should be able to see a tree under message1 and and then again a subtree for field1 ,whose branch contains a set of parameters including field2 and so on and appropriately set the required parameter for a particular message. > > If there is a way out then I will be able to share a common dissect > function for a particular field tyoe across all the messages otherwise > I have to register > > Customized fields for various messages and also have to write > customized dissectors with the customized variables for particular > message type.In this way > > For the same field in different messages I have to write several instances of the same function containing different names of the fields and subfield which are actually the one and same. > > > > Any help will be highly appreciated. > > > > Thanks > > Hemant > > > -----Original Message----- > From: wireshark-dev-bounces@xxxxxxxxxxxxx > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris > Sent: Wednesday, July 02, 2008 11:09 AM > To: Developer support list for Wireshark > Subject: Re: [Wireshark-dev] Query on Field Registration > > Kumar, Hemant wrote: > >> I just wanted to put up one query regarding field registration in >> packet-xx.c .Is there any limit on the number of fields which we can >> register? > > No. > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-dev > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-dev > _______________________________________________ Wireshark-dev mailing list Wireshark-dev@xxxxxxxxxxxxx https://wireshark.org/mailman/listinfo/wireshark-dev
- Follow-Ups:
- Re: [Wireshark-dev] Query on Field Registration
- From: Kumar, Hemant
- Re: [Wireshark-dev] Query on Field Registration
- References:
- [Wireshark-dev] Query on Field Registration
- From: Kumar, Hemant
- Re: [Wireshark-dev] Query on Field Registration
- From: Guy Harris
- Re: [Wireshark-dev] Query on Field Registration
- From: Kumar, Hemant
- Re: [Wireshark-dev] Query on Field Registration
- From: Abhik Sarkar
- [Wireshark-dev] Query on Field Registration
- Prev by Date: Re: [Wireshark-dev] Query on Field Registration
- Next by Date: Re: [Wireshark-dev] Query on Field Registration
- Previous by thread: Re: [Wireshark-dev] Query on Field Registration
- Next by thread: Re: [Wireshark-dev] Query on Field Registration
- Index(es):
- Get Wireshark
- Download
- Code of Conduct