Andrew Schweitzer wrote:
Ok, I think I got it, thanks. So I guess the hf[] array is just a flat
repository for information about how to display fields in the gui?
The hf[] array is a list of all the fields the dissector *could* use
when dissecting a packet. It has nothing whatsoever to do with what it
*will* use for any *particular* packet.
I suppose we use comments and field names (e.g.
"field.subfield.subsubfield") to clarify what we are adding?
The field names are used in display filters, so you should choose field
names suggestive of what the field represents.
A dissector developer can use comments for whatever purpose they want;
there is no convention for using particular comments for hf[] array
elements.
so hf[] might look like this:
hf[] = {
//Header fields
.... - actual declarations -
//Msg type X fields
.... - actual declarations -
//Msg type X+1 fields
... - actual declarations -
It could look like that, yes. (This is a private dissector, I assume;
if you want to submit it for inclusion in Wireshark, don't use C++/C99
comments - not all C compilers with which Wireshark is compiled accept
them.)