Wireshark-dev: [Wireshark-dev] Philosophy around displaying all the fields in a capture

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Tue, 21 Jun 2022 09:53:33 -0700

Hi folks,

One of the things I dislike in dissectors is where people don't
dissect all the bytes in a packet. Sometimes it is done because the
bytes are padding bytes or because the function of those bytes is
unknown or what have you.

An interesting case relates to radiotap where since the HE (High
Efficiency, Wi-Fi 6) version the spec has included a set of 'known'
fields in the header. These bits indicate which of the following
fields are actually known. Fields that are not known will have values
in them but the values did not come from hardware.

The question is: Should those fields be displayed but marked as not
known? That is, should they be inserted into the tree.

Doing so makes filtering easier because you can just filter on the
fields of interest instead of having to filter on a known field.

Not doing so leaves gaps in the data if you are looking at the data
portion of a frame.

Any thoughts on how this should be handled?

-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine)
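
The "display but mark as not known" option from the message above, sketched as a stand-alone decoder. This is an added example, not code from the post or from Wireshark. The masks come from the radiotap HE field definition, which the post does not quote, and the struct, table and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One decoded HE sub-field: its value plus whether a 'known' bit vouches for it. */
struct he_field {
    const char *name;
    unsigned    value;
    int         known;  /* 0: bits are present but did not come from hardware */
};

/* 'Known' bits sit in data1; the values they vouch for sit in data3. */
static const struct { const char *name; uint16_t known_mask, value_mask; int shift; }
he_map[] = {
    { "bss_color",   0x0004, 0x003f,  0 },
    { "beam_change", 0x0008, 0x0040,  6 },
    { "ul_dl",       0x0010, 0x0080,  7 },
    { "data_mcs",    0x0020, 0x0f00,  8 },
    { "data_dcm",    0x0040, 0x1000, 12 },
    { "coding",      0x0080, 0x2000, 13 },
};
#define HE_NFIELDS (sizeof he_map / sizeof he_map[0])

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Decode every mapped sub-field, known or not, so no bits go undissected.
 * he: 12-byte HE field (data1..data6, LE u16 each). Returns count, or -1 if short. */
int he_decode_all(const uint8_t *he, size_t len, struct he_field *out)
{
    if (len < 12) return -1;
    uint16_t data1 = le16(he), data3 = le16(he + 4);
    for (size_t i = 0; i < HE_NFIELDS; i++) {
        out[i].name  = he_map[i].name;
        out[i].value = (unsigned)(data3 & he_map[i].value_mask) >> he_map[i].shift;
        out[i].known = (data1 & he_map[i].known_mask) != 0;
    }
    return (int)HE_NFIELDS;
}

int main(void)
{
    /* Constructed sample: only BSS color and MCS flagged known, yet coding bit is set. */
    const uint8_t sample[12] = { 0x24, 0x00, 0x00, 0x00, 0x25, 0x2b };
    struct he_field f[HE_NFIELDS];
    int n = he_decode_all(sample, sizeof sample, f);
    for (int i = 0; i < n; i++)
        printf("%-11s = %2u%s\n", f[i].name, f[i].value, f[i].known ? "" : "  [not known]");
    return 0;
}
```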