The description of a "field type" for and hf_ field doesn't always correspond to its length on the wire. While many times that is the case for integers (FT_UINTx), it wouldn't be the case for strings or byte arrays (or many of the other field types).
You also have cases were an integer field can vary between 1-4 (or 8) bytes and rather than create separate hf_ fields for every combination, you can just specify the size in proto_tree_add_item, with a single hf_ field (typically FT_UINT32) that covers all of the cases.
I don't think it's a bad thing to just explicitly use an integer value for the size of any field for "code consistency" because not all fields are FT_UINTx types.
-----Original Message-----
From: yves baumes <yves.baumes@xxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Wed, Aug 19, 2015 10:45 am
Subject: [Wireshark-dev] How to get a header_field_info instance from its id?
Hi everyone,
I am currently developping a dissector. And I have some basic
questions.
My first one would be: how do I get the header_field_info
structure
instance from its structure id? Here is what I'm trying to
achieve:
static int hf_instr_id = -1;
[...]
{ &hf_instr_id,
{ "Instrument Identifier", "my_proto.instr_id", FT_UINT64,
BASE_DEC, NULL,
0x00,
"[...]", HFILL }
},
[...]
ptvcursor_add(cursor,
hf_instr_id, 8, ENC_LITTLE_ENDIAN);
In the line just above I'd like to
replace the length (which is 8) by
something roughly looking like that:
int len = ftype_len(gap_hfinfo.hfi[xxx]->type);
ptvcursor_add(cursor,
hf_instr_id, len, ENC_LITTLE_ENDIAN);
One of my issue is that gap_hfinfo
array (which contains all the
header_fields_info instances) is static to the
proto.c file. And I find
no accessors to it.
Is there an actual way that I've
overlooked?
Or do I need to keep a pointer to header_field_info structure in
the
first place?
Second question: I've took a quick glance at others
dissectors.
It looks like every one of them provide their integer fields' size
twice:
- in the header_field_info
- and also as a parameter of
ptvcursor_add()/proto_tree_add_item().
Is there a reason for doing that?
Historical?
Regards
Yves
BAUMES
___________________________________________________________________________
Sent
via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:
https://www.wireshark.org/lists/wireshark-dev
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe