ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Protocol tree - indicating a missing value

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Paul Offord <Paul.Offord@xxxxxxxxxxxx>
Date: Thu, 2 Nov 2017 11:04:06 +0000

Thanks Pascal.

 

Having thought about it I’ve realised that I should stick to the standard that if the value is missing I shouldn’t render the item in the tree.

 

Best regards…Paul

 

From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Pascal Quantin
Sent: 02 November 2017 09:37
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Protocol tree - indicating a missing value

 

Hi Paul,

 

2017-11-02 10:17 GMT+01:00 Paul Offord <Paul.Offord@xxxxxxxxxxxx>:

Hi,

 

Is it possible to add an item to the protocol tree but indicate in some way that the value for the field is missing?  I want to produce something like this:

 

Frame 13: 155 bytes on wire (1240 bits), 155 bytes captured (1240 bits) on interface 0

Ethernet II, Src: 00:00:00_0b:ab:e1 (00:00:00:0b:ab:e1), Dst: 00:00:00_0b:ab:e1 (00:00:00:0b:ab:e1)

Babel Data Scope

    Message header

    Log Data

        host: 192.168.5.4

        identid: -

        userid: mattyo

        datetime: [30/Oct/2017:08:12:36 +0000]

        request: POST /TimeRec.php HTTP/1.1

        response code: 302

        bytes returned: -

 

In this mock up, identid and bytes returned values are missing.

 

I’ve tried using:

 

        proto_tree_add_item(tree, p_hf->hfinfo.id, tvb, 0, -1, ENC_NA);

 

where p_hf points to the correct field entry in the hf_register_info array but that results in Malformed Packet errors.

 

 

Any ideas?

 

Empty / missing fields are supported for FT_BYTES and FT_UINT_BYTES. If I remember correctly, this is displayed when the length is 0 bytes long. This is not expected for other types of items.

 

Pascal.


______________________________________________________________________

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.

Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube