Wireshark-dev: Re: [Wireshark-dev] Query on Field Registration
From: "Martin Corraine (mcorrain)" <mcorrain@xxxxxxxxx>
Date: Thu, 3 Jul 2008 14:14:23 -0400
Hello Hemant,

I'm still not sure what you're trying to do. I'm sorry. Are you having trouble setting up the trees and subtrees? Or do you want to, when searching for a particular message type, just display those trees relating to your search? That I don't think is possible unless you add more code. Wireshark won't just do that automatically.

martin

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Kumar, Hemant
Sent: Thursday, July 03, 2008 1:31 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Thanks Martin and Abhik for the replies!!

But what I am actually looking for is when the user goes for setting subfields type so as to filter messages of his interest, he should see a tree structure with subfields beneath the main field. That is, for example, for tcp it should not appear as

    Tcp.flags.cwr
    Tcp.flags.ecn
    Tcp.flags.urg
    Tcp.flags.ack

and so on; rather it should appear as

    Tcp+
        Flags+
            cwr
            ecn
            urg
            ack

By clicking on the + the subtree should appear.

So I don't want to register fields like ged125.service_control; rather, just register Service control, which is going to be common to several other messages, separately and then relate it to those messages in the dissect_function() while feeding the information from tvb_buffer into the field. Of course, this is possible, but then in the expression window simply appears service_control and ged125+ Service_control.

Please shed some light on this aspect, whether it is possible to do this in Wireshark.

Thanks
Hemant

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Martin Corraine (mcorrain)
Sent: Thursday, July 03, 2008 5:28 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Hello Hemant,

The ged125 protocol that I'm finishing right now has a lot of sub-messages. I would create a field registration of this message type that has several sub messages below it. So, for instance, I can search "ged125.service_control" for all those messages. Now, if I want to search for a particular service control I can search by doing this: "ged125.service_control == 20". Below is the field registration. All the various sub-types are in a value_string array. Hope this helps.

    { &hf_ged125_service_control_MessageSubvalue,
      { "Message value", "ged125.service_control",
        FT_UINT32, BASE_DEC, VALS(vals_service_control_message_subvalues), 0x0,
        "Sub-Service Control Message value", HFILL }}

-Martin

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Abhik Sarkar
Sent: Thursday, July 03, 2008 2:26 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on Field Registration

Hi Hemant,

As far as I know nesting of header fields is not possible... check out epan/proto.h where the field info structures are defined.

What you could do is something like have:

    hf_message_type
    hf_field1
    hf_field2

Then, the display filter would be "message.type==1 && field1.value==X" or "message.type==2 && field1.value==X". You can then (in the protocol tree) nest the fields under message types by using subtrees... This is done for the protocol I am most familiar with (SMPP) and you can check in packet-smpp.c how the common DCS field is handled in a submit_sm and a data_sm.

HTH
Abhik

On Thu, Jul 3, 2008 at 4:23 AM, Kumar, Hemant <kumarh@xxxxxxxxxxxx> wrote:
> Hello
>
> Another query that has surfaced up while doing the design for dissector module is, whether there is a concept of tree and subtree while registration of the fields?
>
> Actually, I have a set of messages and all of them have a common field which again contains subfields. So under the current situation for registration of fields I have to register the same field again and again for different messages with different names like
>
>     Message1.field1.field2
>     Message2.field1.field2 and so on.
>
> So that in the expression window user should not get confused with a common parameter for all the messages.
>
> Is there any way out so that in the expression window when the user wants to set some parameter for field2 so as to collect only message 1, he should be able to see a tree under message1 and then again a subtree for field1, whose branch contains a set of parameters including field2 and so on, and appropriately set the required parameter for a particular message.
>
> If there is a way out then I will be able to share a common dissect function for a particular field type across all the messages; otherwise I have to register customized fields for various messages and also have to write customized dissectors with the customized variables for particular message type. In this way, for the same field in different messages I have to write several instances of the same function containing different names of the fields and subfield which are actually the one and same.
>
> Any help will be highly appreciated.
>
> Thanks
> Hemant
>
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> Sent: Wednesday, July 02, 2008 11:09 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Query on Field Registration
>
> Kumar, Hemant wrote:
>
>> I just wanted to put up one query regarding field registration in packet-xx.c. Is there any limit on the number of fields which we can register?
>
> No.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
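
Added example (not part of the original thread and not Wireshark code): a self-contained C model of the approach Abhik describes, where each field is registered once in a flat table, one shared routine dissects the common field for every message type, and the nesting exists only in the tree built at dissection time. The two-message byte layout, the field names and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Toy model, not Wireshark code: fields live in one flat table (registered
 * once each); nesting exists only in the tree built while dissecting. */
enum { HF_MSG_TYPE, HF_FIELD1, HF_FIELD2, HF_COUNT };
static const char *hf_abbrev[HF_COUNT] = {
    "message.type", "field1.value", "field2.value"   /* hypothetical names */
};

typedef struct { int hf, depth; uint32_t value; } item_t;
typedef struct { item_t items[8]; int n; } tree_t;

static void tree_add(tree_t *t, int hf, int depth, uint32_t value) {
    if (t->n < 8) t->items[t->n++] = (item_t){ hf, depth, value };
}

/* One shared routine for the common field; every message type reuses it
 * with the same hf ids. Returns the new offset, or 0 if the buffer is short. */
static size_t dissect_common(tree_t *t, const uint8_t *buf, size_t len,
                             size_t off, int depth) {
    if (off > len || len - off < 2) return 0;
    tree_add(t, HF_FIELD1, depth, buf[off]);          /* subtree root */
    tree_add(t, HF_FIELD2, depth + 1, buf[off + 1]);  /* child of field1 */
    return off + 2;
}

/* Constructed layout: type 1 = [type][f1][f2], type 2 = [type][pad][f1][f2]. */
int dissect_message(tree_t *t, const uint8_t *buf, size_t len) {
    t->n = 0;
    if (len < 1) return -1;
    tree_add(t, HF_MSG_TYPE, 0, buf[0]);
    size_t off = (buf[0] == 2) ? 2 : 1;
    return dissect_common(t, buf, len, off, 1) ? 0 : -1;
}

static int field_is(const tree_t *t, const char *abbrev, uint32_t v) {
    for (int i = 0; i < t->n; i++)
        if (!strcmp(hf_abbrev[t->items[i].hf], abbrev) && t->items[i].value == v)
            return 1;
    return 0;
}

/* Models the filter "message.type==T && field1.value==X". */
int filter_match(const uint8_t *buf, size_t len, uint32_t type, uint32_t x) {
    tree_t t;
    if (dissect_message(&t, buf, len) != 0) return 0;
    return field_is(&t, "message.type", type) && field_is(&t, "field1.value", x);
}
```

The truncated-buffer check in dissect_common matters because a shared routine is reached from every message type, so one missing length check is exposed through all of them.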