On Aug 28, 2008, at 10:08 AM, Tom Stevens wrote:
> Here is the code:
>
>     { &hf_my_proto_ip_address,
>       { "IP Address", "my_proto.ip_address", FT_IPv4, BASE_NONE,
>         NULL, 0x0,
>         "My Proto_ip_address", HFILL }},
>     ....
>     proto_tree_add_item( sub_tree, hf_my_proto_ip_address, tvb, offset,
>                          4, FALSE );
>
> Output:
>
>     IP Address: 172.19.0.242 (172.19.0.242)
>
> How can I get rid of the second output of the IP Address in the
> parentheses?

You get that output because either
1) Wireshark/TShark can't resolve 172.19.0.242 to a host name
or
2) Wireshark/TShark is configured not to try to resolve 172.19.0.242
to a host name.
If it resolved it to a host name, it'd be
IP Address: hello.sailor.com (172.19.0.242)

> How can I get the following output:
>
>     IP Address: 172.19.0.242

You'd have to use proto_tree_add_ipv4_format() and format the output
yourself.
Perhaps Wireshark should have a routine that, given an IPv4 address,
tries to look up the host name, and if either
1) Wireshark is configured not to try to resolve IP addresses to host
names
or
2) it's configured to try, but the attempt fails
returns a null pointer, and the code to display FT_IPv4 values should:
if a host name is found, display the host name and the IP address -
"IP Address: hello.sailor.com (172.19.0.242)";
if no host name is found, display just the IP address - "IP Address:
172.19.0.242";
and similar things should be done for other network address types
(IPv6, MAC, etc.).
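
The display rule proposed in the reply above, as an added stand-alone C example (not Wireshark code and not part of the original message). The names lookup_ipv4_name and format_ipv4_field and the sample host table are hypothetical; the table stands in for a real resolver.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample data standing in for a resolver (assumption). */
struct host_entry { uint8_t addr[4]; const char *name; };
static const struct host_entry sample_hosts[] = {
    { {172, 19, 0, 242}, "hello.sailor.com" },
};

/* Hypothetical lookup routine: returns the host name, or NULL when
 * resolution is disabled or no name is known for the address. */
static const char *lookup_ipv4_name(const uint8_t addr[4], int resolve_enabled)
{
    size_t i;
    if (!resolve_enabled)
        return NULL;
    for (i = 0; i < sizeof sample_hosts / sizeof sample_hosts[0]; i++)
        if (memcmp(sample_hosts[i].addr, addr, 4) == 0)
            return sample_hosts[i].name;
    return NULL;
}

/* Formats "label: name (a.b.c.d)" or "label: a.b.c.d" from the 4 bytes
 * at offset in a captured buffer. Returns 0 on success, -1 if the field
 * runs past the end of the buffer or the output would be truncated. */
static int format_ipv4_field(char *out, size_t out_len, const char *label,
                             const uint8_t *buf, size_t buf_len,
                             size_t offset, int resolve_enabled)
{
    const uint8_t *a;
    const char *name;
    int n;

    if (offset > buf_len || buf_len - offset < 4)
        return -1;
    a = buf + offset;
    name = lookup_ipv4_name(a, resolve_enabled);
    if (name != NULL)
        n = snprintf(out, out_len, "%s: %s (%d.%d.%d.%d)", label, name,
                     a[0], a[1], a[2], a[3]);
    else
        n = snprintf(out, out_len, "%s: %d.%d.%d.%d", label,
                     a[0], a[1], a[2], a[3]);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}
```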