Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show answers a line at a

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 25 Dec 2019 13:49:53 -0800
On Dec 25, 2019, at 1:35 PM, Maynard, Chris <Christopher.Maynard@xxxxxxx> wrote:

> On Dec 25, 2019, at 3:19 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> 
>> And, given that, is there any need to show the full text in the top-level item?
> 
> Well, showing the full text allows for full "Copy -> Value" to continue to work, and including the full text in a single "whos.answer" should, in theory at least, allow for pattern matching with the matches operator across lines, which the current implementation no longer allows.

What's displayed in the packet details pane and what's the value of the field from the point of view of Copy > Value and of operators testing the field value aren't necessarily the same.  (From the internal point of view, a field_info structure:

	typedef struct field_info {
	    header_field_info   *hfinfo;          /**< pointer to registered field information */
	    gint                 start;           /**< current start of data in field_info.ds_tvb */
	    gint                 length;          /**< current data length of item in field_info.ds_tvb */
	    gint                 appendix_start;  /**< start of appendix data */
	    gint                 appendix_length; /**< length of appendix data */
	    gint                 tree_type;       /**< one of ETT_ or -1 */
	    guint32              flags;           /**< bitfield like FI_GENERATED, ... */
	    item_label_t        *rep;             /**< string for GUI tree */
	    tvbuff_t            *ds_tvb;          /**< data source tvbuff */
	    fvalue_t             value;
	} field_info;

has a "rep" field, showing the "string for GUI tree" (or for the output of tshark -V, or...), and a "value" field, storing the field value.