Wireshark-dev: Re: [Wireshark-dev] Query on Field Registration

From: "Martin Corraine (mcorrain)" <mcorrain@xxxxxxxxx>
Date: Thu, 3 Jul 2008 08:27:44 -0400
Hello Hemant,

The ged125 protocol that I'm finishing right now has a lot of
sub-messages. I would create a field registration of this message type
that has several sub messages below it. So, for instance I can search
"ged125.service_control" for all those messages. Now, if I want to
search for a particular service control I can search by doing this
"ged125.service_control == 20". Below is the field registration. All the
various sub-types are in a value_string array. Hope this helps.

		{ &hf_ged125_service_control_MessageSubvalue,
		{ "Message value", "ged125.service_control", FT_UINT32,
BASE_DEC,
VALS(vals_service_control_message_subvalues), 0x0,
        "Sub-Service Control Message value", HFILL }}


-Martin


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Abhik Sarkar
Sent: Thursday, July 03, 2008 2:26 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Hi Hemant,

As far as I know nesting of header fields is not possible... check out
epan/proto.h where the field info structures are defined. What you could
do is something like have:
hf_message_type
hf_field1
hf_field2

Then, the display filter would be "message.type==1 && field1.value==X"
or "message.type==2 && field1.value==X). You can then (in the protocol
tree) next the fields under message types by using subtrees... This is
done for the protocol I am most familiar with (SMPP) and you can check
in packet-smpp.c how the common DCS field is handled in a submit_sm and
a data_sm.

HTH
Abhik

On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <kumarh@xxxxxxxxxxxx>
wrote:
> Hello
>
>  Another query that has surfaced up while doing the design for
dissector module is , whether there is a concept of tree and subtree
while registration of the fields?
>
> Actually, I have a set of messages and all of them have a common field

> which again contains subfields. So under the current situation for 
> registration of fields
>
> I have to register the same field again and again for different 
> messages with different names like
>
>
>
> Message1.field1.field2
>
> Message2.field1.field2 and so .
>
>
>
> So that in the expression window user should not get confused with a
common parameter for all the messages.
>
>
>
> Is there any way out so that in the expression window when the user
wants to set some parameter for field2 so as to collect only message 1 ,
he should be able to see a tree under message1 and and then again a
subtree for field1 ,whose branch contains a set of parameters including
field2  and so on and appropriately set the required parameter for a
particular message.
>
> If there is a way out then I will be able to share a common dissect 
> function for a particular field tyoe across all the messages otherwise

> I have to register
>
> Customized fields for various messages and also have to write  
> customized dissectors with the customized variables for particular 
> message type.In this way
>
> For the same field in different messages I have to write several
instances of the same function containing different names of the fields
and subfield which are actually the one and same.
>
>
>
> Any help will be highly appreciated.
>
>
>
> Thanks
>
> Hemant
>
>
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx 
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> Sent: Wednesday, July 02, 2008 11:09 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Query on Field Registration
>
> Kumar, Hemant wrote:
>
>> I just wanted to put up one query regarding field registration in 
>> packet-xx.c .Is there any limit on the number of fields which we can 
>> register?
>
> No.
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev