On Oct 12, 2017, at 1:53 PM, Sultan, Hassan via Wireshark-dev <wireshark-dev@xxxxxxxxxxxxx> wrote:
> Sorry for going silent for a while, I had to step away from my Wireshark-based project for a while.
>
> Looking at the code of Wireshark, unless I misunderstood it, it seems that the encoding of fields (aside of big/little endian for integers) is not exposed in field_info/header_field_info ?
header_field_info is for a named field, not for an instance of a named field; not all instances of a named field have the same encoding, so the encoding isn't present there.
The encoding isn't currently stored in the field_info structure. Storing it there might increase the memory requirements of dissection, but there might be ways of avoiding that.
For example, if, for fields extracted from packet data rather than calculated from packet data or other data, the field value could be determined from information in the field_info structure, we could eliminate the fvalue_t and, if the value is needed, extract it when needed.