I had a look at the patch [1], which introduced -T fields, especially at this file [2]. However I did not figure out why it outputs nothing for some fields. As far as I can see, all the fields added with -e are appended to the 'fields' struct within output_fields_add(..), but I can't see where it gets the values for the fields (guess: in proto_tree_get_node_field_values(..), but I don't understand this function so far)
I would be glad if somebody else could have a look at this. [1] http://anonsvn.wireshark.org/viewvc/viewvc.py?view=rev&revision=21211 [2] http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/print.c?r1=21211&r2=21210&pathrev=21211 On Jan 18, 2008 11:38 AM, Sake Blok <[EMAIL PROTECTED]> wrote: > On Fri, Jan 18, 2008 at 10:48:48AM +0100, Nils wrote: > > Thanks a lot for your quick replay! > > > > > In case of the field "tcp.analysis.retransmission" I think there > > > is room for improvement. Even when this field is in the packet, no > > > output is given. That is because this field does not have a value. > > > It is either present or not. > > > > Is this because it's type is 'None'? I'll open a bug, but I would also > > like to be able to fix this myself, I just don't have an idea where. > > In "tshark.c", the "function print_packet()" takes care of printing > each packet. In case of -T fields (case WRITE_FIELDS:) the function > "proto_tree_write_fields()" is used. This function resides in > "print.c". This function walks through the tree and uses > "proto_tree_get_node_field_values()" to fill in the values. > > I think this function needs to check for type "None" fields and > insert some value when the field is present. Nice to hear that > you want to fix this yourself, I hope this gives you some sense > of direction :-) > > > > Using filters currently is not an option, since I want to parse the > > output of multiple fields automatically. With filters I would have to > > run multiple instances of tshark AFAIK. > > I totally agree with you here... > > > Cheers, > Sake > _______________________________________________ > Wireshark-dev mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-dev > _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
