Kumar, Hemant wrote: > Thanks Martin and Abhik!! For the replies. > > But what I am actually looking for is when the user goes for setting > subfields type so as to filter messages of his interest, he should see a tree > structure with subfields beneath the main field. > > That is for example for tcp it should not appear as > Tcp.flags.cwr > Tcp.flags.ecn > Tcp.flags.urg > Tcp.flags.ack and so on rather it should appear as > > Tcp+ > Flags+ > cwr > ecn > urg > ack > > By clicking on the + the subtree should appear
That's not (currently) possible in the Expression UI. > So I don't want to register fields like ged125.service_control rather > Just register Service control which is going to be common to several other > messages separately and then relate it to those messages in the > dissect_function()while feeding the information from tvb_buffer in to the > field. Ofcourse , this is possible but then in the expression window > simply appears service_control and ged125+ > Service_control. > > Please shed some light on this aspect whether it is possible to this is > wireshark. No, you would have to create many hf_ entries, one for each message + parameter combination. (Personally I think that design would constrain the power of the filter mechanism but I don't know what you're doing.) _______________________________________________ Wireshark-dev mailing list [email protected] https://wireshark.org/mailman/listinfo/wireshark-dev
