Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show answers a line at a

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxx>
Date: Wed, 25 Dec 2019 23:13:24 +0000
> -----Original Message-----
> From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
> Sent: Wednesday, December 25, 2019 4:50 PM
> To: Maynard, Chris <Christopher.Maynard@xxxxxxx>
> Cc: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> Subject: Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show
> answers a line at a time, after the request frame and time delta.
>
> On Dec 25, 2019, at 1:35 PM, Maynard, Chris
> <Christopher.Maynard@xxxxxxx> wrote:
>
> > On Dec 25, 2019, at 3:19 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> >
> >> And, given that, is there any need to show the full text in the top-level item?
> >
> > Well, showing the full text allows for full "Copy -> Value" to continue to work,
> and including the full text in a single "whos.answer" should, in theory at least,
> allow for pattern matching with the matches operator across lines, which the
> current implementation no longer allows.
>
> What's displayed to in the packet details pane and what's the value of the field
> from the point of view of Copy > Value and of operators testing the field value
> aren't necessarily the same.  (From the internal point of view, a field_info
> structure:
>
>         typedef struct field_info {
>             header_field_info   *hfinfo;          /**< pointer to registered field
> information */
>             gint                 start;           /**< current start of data in field_info.ds_tvb
> */
>             gint                 length;          /**< current data length of item in
> field_info.ds_tvb */
>             gint                 appendix_start;  /**< start of appendix data */
>             gint                 appendix_length; /**< length of appendix data */
>             gint                 tree_type;       /**< one of ETT_ or -1 */
>             guint32              flags;           /**< bitfield like FI_GENERATED, ... */
>             item_label_t        *rep;             /**< string for GUI tree */
>             tvbuff_t            *ds_tvb;          /**< data source tvbuff */
>             fvalue_t             value;
>         } field_info;
>
> has a "rep" field, showing the "string for GUI tree" (or for the output of tshark -
> V, or...), and a "value" field, storing the field value.

Yes, of course, I'm fully aware of that.  But displaying the full text, even if truncated, allows one to at least view part of the answer (if not all of it in some cases) without necessarily needing to expand it to view each line.
- Chris











CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.