Title: displaying header field without filtering capability
I'm trying to add a header field for spare bytes in a custom dissector.
Currently, I'm creating a header field for a 'Spare' data element in a 'Status' message, as shown in the example below:
\code snippet
{
&hf_Spare,
{
"Spare",
"msg.Status.Spare",
FT_UINT8,
BASE_HEX,
NULL,
0x0,
"Spare",
HFILL
}
},
\endcode
Later I have a function that processes the 'Status' message components.
void dissect_message_Status(tvbuff_t* tvb, gint offset, proto_tree *tree)
{
proto_tree_add_item(tree, hf_Field1, tvb, offset, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(tree, hf_Spare, tvb, offset + 1, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(tree, hf_Field2, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
}
Visually it works great in the Packet Details pane. The issue is that I don't want to allow any filtering based on the 'Spare' data field when the user is editing a Filter _expression_.
What is the recommended method to handle this scenario? Do I need to remove the hf_Spare structure from the hf_register_info array and use something like proto_tree_add_text? I also see something about PROTO_ITEM_SET_HIDDEN, but it doesn't look like it applies.
Thanks,
John Dill
