Evan Huus changed bug 8579
What | Removed | Added
Status | UNCONFIRMED | INCOMPLETE
Ever confirmed | | 1
Comment # 5 on bug 8579 from Evan Huus
So I've looked briefly at the protocol spec and having read your response I
think I understand where the confusion is.
Let's take an example protocol where the first field is a 'type' field and the
second field is something else depending on what type is in the first field.
I think what you're doing is basically defining a single shared hf var for all
possible values of the second field and then appending text to differentiate,
something like this:

    proto_tree_add_item(hf_first_field);
    proto_tree_add_item(hf_second_field);
    if (first type)
        proto_tree_append_text(real second field value);
    else if (second type)
        proto_tree_append_text(other real second field value);

The conventional way to accomplish this would actually be to create two
separate hf vars, one for each type of the second field so the code would look
more like this:

    proto_tree_add_item(hf_first_field);
    if (first type)
        proto_tree_add_item(hf_second_field_type1);
    else if (second type)
        proto_tree_add_item(hf_second_field_type2);

This method has a couple of advantages:
- values for the second field are filterable and identifiable by name (not just
by the fact that it's the second field)
- simpler, faster and safer display code, making use of Wireshark's built-in
formatting API
I believe all of the FieldPart and AsterixField structure data makes more sense
as entries in the hf arrays? And the fact that you're defining FIELD_PART_INT,
FIELD_PART_UINT, etc. makes me suspect that all of that can be replaced with
more conventional FT_INT, FT_UINT etc. in the proper hf array.
I may still be totally misunderstanding the protocol, but if I am correct then
I'm afraid you've significantly misunderstood Wireshark's API. Please make sure
you've read section 1.6 of README.developer.
(Re: string buffers, hopefully the string buffers will be totally unnecessary
once using proto_tree_add_item for everything, but if not then we can revisit).
If you have further questions I'm happy to answer what I can.
Evan