ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] How to get a header_field_info instance from its id?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: mmann78@xxxxxxxxxxxx
Date: Wed, 19 Aug 2015 10:58:39 -0400
The description of a "field type" for and hf_ field doesn't always correspond to its length on the wire.  While many times that is the case for integers (FT_UINTx), it wouldn't be the case for strings or byte arrays (or many of the other field types).
You also have cases were an integer field can vary between 1-4 (or 8) bytes and rather than create separate hf_ fields for every combination, you can just specify the size in proto_tree_add_item, with a single hf_ field (typically FT_UINT32) that covers all of the cases.
 
I don't think it's a bad thing to just explicitly use an integer value for the size of any field for "code consistency" because not all fields are FT_UINTx types.
 
 
 
-----Original Message-----
From: yves baumes <yves.baumes@xxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Wed, Aug 19, 2015 10:45 am
Subject: [Wireshark-dev] How to get a header_field_info instance from its id?

Hi everyone,

I am currently developping a dissector. And I have some basic
questions.

My first one would be: how do I get the header_field_info
structure 
instance from its structure id? Here is what I'm trying to
achieve:

static int hf_instr_id = -1;
[...]

     { &hf_instr_id,
      
{ "Instrument Identifier", "my_proto.instr_id", FT_UINT64, 
BASE_DEC, NULL,
0x00,
         "[...]", HFILL }
     },

[...]
     ptvcursor_add(cursor,
hf_instr_id, 8, ENC_LITTLE_ENDIAN);


In the line just above I'd like to
replace the length (which is 8) by 
something roughly looking like that:

   
int len = ftype_len(gap_hfinfo.hfi[xxx]->type);
     ptvcursor_add(cursor,
hf_instr_id, len, ENC_LITTLE_ENDIAN);

One of my issue is that gap_hfinfo
array (which contains all the 
header_fields_info instances) is static to the
proto.c file. And I find 
no accessors to it.
Is there an actual way that I've
overlooked?
Or do I need to keep a pointer to header_field_info structure in
the 
first place?

Second question: I've took a quick glance at others
dissectors.
It looks like every one of them provide their integer fields' size
twice:
- in the header_field_info
- and also as a parameter of
ptvcursor_add()/proto_tree_add_item().

Is there a reason for doing that?
Historical?

Regards
Yves
BAUMES
___________________________________________________________________________
Sent
via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:   
https://www.wireshark.org/lists/wireshark-dev
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-dev
            
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube