Wireshark-dev: Re: [Wireshark-dev] Dynamic allocation of the array fields

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Wed, 21 May 2014 16:44:23 +0100
On 21 May 2014 15:37, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Raul Felice
Sent: den 20 maj 2014 17:48
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Dynamic allocation of the array fields

>Since I do not know how to then provide you the question, I preferred to link you directly to the post in which I describe my problem; I hope this does not disturb you.
>
>http://ask.wireshark.org/questions/32811/how-to-reference-field-for-display-filters
>
>
>I apologize for my English not very fair and I thank you in advance.

 

>In each package of my protocol may appear a NOT predetermined number of fields, with different names (read from an external file)

 

I’m not sure I understand what that means…

I don’t think you can escape from having one hf per field in any case.

 

How is the length of the “field” in the packet determined, and what type of data do you have in your file helping you to identify the fields? Is there nothing in the packet identifying which fields or set of fields are present?

Regards

Anders

 

From the Ask Wireshark question, it appears that the protocol may have any number of arbitrarily named fields and the OP requires to be able to filter on both the field name and field value.


I think the field names come from an external file.

In the Ask Wireshark question you and I pointed the OP to the diameter dissector as an example of a dissector that registers fields based on the content of an external file, but the OP was unable to follow the code there (it is quite complex) and I suggested they come to the mailing list to allow a better discussion and possibly ideas from others who don't peruse Ask Wireshark.

Graham