Wireshark-dev: Re: [Wireshark-dev] Trying to submit a patch

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Tue, 8 Sep 2015 11:41:03 -0400
On 09/05/15 06:48, Alexis La Goutte wrote:
On Fri, Sep 4, 2015 at 9:15 PM, John Dill <John.Dill@xxxxxxxxxxxxxxxxx> wrote:
    In other instances, I just want to assign a label to an
    undissectable block of bytes in a packet that I do not want to be
    filtered on, where I'd use:

    proto_tree_add_text(pdu_tree, tvb, offset, pdu_payload_length, "Data Payload");

Use proto_tree_add_item with an hf that uses FT_NONE.

Now, all fields will be filterable...
(it is possible to reuse the same hf for multiple fields)


    This shows up in the packet details pane and I can click on that
    label and it would highlight the bytes in the packet bytes pane that
    that block refers to.  I have lots of these "Data Payload" since I
    do not have complete documentation of the system, or it may be used
    to read a data file from another aircraft that share some messages
    but have others unprocessed.

    It seems clunky to have to create header fields for each one of
    these undissectable blobs, and I already have enough bogus "Spare"
    and "Pad" header fields in the stuff I do know about to the point
    that it takes 8-10 seconds to open up my specific protocol in the
    filter expression dialog.

As Alexis said, feel free to re-use fields (especially spares and pads).

    P.S. Also, when reading the documentation in README.heuristic, the
    examples use the old prototype for heur_dissector_add.

On the 1.99 branch?

Change submitted:

https://code.wireshark.org/review/10445