Kumar, Hemant wrote:
But what I am actually looking for is when the user goes for setting
subfields type so as to filter messages of his interest, he should
see a tree structure with subfields beneath the main field.
That is for example for tcp it should not appear as
Tcp.flags.cwr
Tcp.flags.ecn
Tcp.flags.urg
Tcp.flags.ack and so on rather it should appear as
Tcp+
Flags+
cwr
ecn
urg
ack
By clicking on the + the subtree should appear
"Appear" where? Presumably not in the protocol tree, because that's how
it *does* appear there. It sounds as if you mean in the "Filter
Expression" dialog box.
So I don't want to register fields like ged125.service_control rather
just register Service control which is going to be common to several
other messages separately and then relate it to those messages in the
dissect_function()while feeding the information from tvb_buffer in to
the field. Ofcourse , this is possible but then in the expression window
simply appears service_control and ged125+
Service_control.
Please shed some light on this aspect whether it is possible to this is wireshark.
It's not.
We could probably have the code that constructs the tree view in the
"Filter Expression" dialog box check, if there's a field
"foo.bar.bletch", whether there's a "foo.bar" field, and, if so, put
"foo.bar.bletch" into a tree under "foo.bar" rather than at the top level.