[Richard Sharpe <rsharpe@xxxxxxxxxx>]

On Thu, 28 Mar 2002, Phil Williams wrote:

> > Unfortunately, there's currently no way to look for a "header_field_info"
> > structure by field name, so you can't just look up "tcp" (for the TCP
> > protocol) to get a pointer to compare with "finfo->hfinfo" in your
> > routine, nor can you look up:
> >
> > 	"tcp.hdr_len"		header length of the TCP header
> > 	"tcp.seq"		TCP sequence number
> > 	"tcp.ack"		TCP acknowledgment number
> > 	"tcp.flags.ack"		TRUE if ACK is set, FALSE otherwise
> >
> 
> So it is not possible to look up by name, but are these fields referred
> to by any identifier? If so, would it be possible to look up these values?


It is not currently possible to do what You want, I think.

A long time ago when I first started working on Ethereal, Guy suggested 
that what we really needed for an underlying data structure is an 
attribute-value tree. 

At the time, I did not understand, so I ignored the statement. As time 
went by, I came to see that he is right.

I even spent some effort on building a library that can take a capture and 
give you back an attribute value tree that you can query ... I still have 
it laying around somewhere. If you like, I can resurect it it and you can 
have a play. 


Regards
-----
Richard Sharpe, rsharpe@xxxxxxxxxx, rsharpe@xxxxxxxxx, 
sharpe@xxxxxxxxxxxx