2013/8/13 DbdM Tbt <[email protected]>

> Good day to all.
> Please bear with me as I am still learning the ins and outs of formatting
> dissector output.
> I have come across a discussion about hidden fields and generated fields.
> http://www.wireshark.org/lists/wireshark-dev/201110/msg00257.html
>
> I am curious about this because I have a filter requirement.
>
> Let's say there is a field called 'command'
> +---------+
> | field 1 |
> +---------+
> | command |
> +---------+
> | field n |
> +---------+
>
> 'command' can have 3 values.
> add (1), modify (2), delete (3)
>
> From what I have currently seen so far, the 'command' field is first
> 'registered' through a 'static hf_register_info' variable into
> proto_register_field_array()
>
> So for the 'command' field it will look something like:
> { &ofx_command, { "Command", "ofx.command", FT_UINT32, BASE_DEC,
> VALS(cmd_vals), NO_MASK, "Command", HFILL } }
> Hence, 'ofx.command' will become the filter name.
>
> Now I would like to create a 'convenience filter' (I don't know the
> correct term) for the 3 values.
> ofx.command.add
> ofx.command.modify
> ofx.command.delete
>
> With what I know, I will implement this by:
> 1. register additional 3 'static hf_register_info' entries for each filter.
> 2. and use hidden fields so that wireshark will display only 1 field.
> This will be so that the filter ofx.command and for example,
> ofx.command.add (assuming the value is add(1)), will work simultaneously.
>
> But based on what I have read, hidden fields are deprecated and/or
> discouraged (?).
>
> How would more experienced dissector developers go around this?
>
> And from the discussion that I linked at the start, there is a mention
> about 'generated fields'
> I tried searching in google and the archives for the above keyword but no
> clear information as to what are they and how they are implemented (how
> they look?).
> Can anyone share some info about this?
>
> Thank you very much,
> David
>

Hi David,
Is a filter ofx.command.add really more convenient than ofx.command == "add"? I believe it's really not worth the hassle.

Regarding generated fields, have a look at the PROTO_ITEM_SET_GENERATED() chapter in the doc/README.developer file and look for examples in the epan/dissectors folder.

Best regards,
Pascal.
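
Added example, not part of the original thread or of Wireshark's own code: a sketch of the generated-field mechanism using Wireshark's Lua API, where TreeItem:set_generated() is the counterpart of PROTO_ITEM_SET_GENERATED() in C. The 4-byte big-endian command at offset 0 and UDP port 9999 are assumptions, since the thread gives neither the packet layout nor the transport.

```lua
-- Added example. Assumed layout: the 'command' field is a 4-byte
-- big-endian integer at offset 0. UDP port 9999 is a placeholder.
local ofx = Proto("ofx", "OFX (example)")

local cmd_vals = { [1] = "add", [2] = "modify", [3] = "delete" }

-- The real field: filterable as ofx.command == 1.
local f_command = ProtoField.uint32("ofx.command", "Command", base.DEC, cmd_vals)

-- One presence-only field per command value:
-- ofx.command.add, ofx.command.modify, ofx.command.delete.
local f_by_value = {}
local fields = { f_command }
for value, name in pairs(cmd_vals) do
    local f = ProtoField.none("ofx.command." .. name, "Command is " .. name)
    f_by_value[value] = f
    fields[#fields + 1] = f
end
ofx.fields = fields

function ofx.dissector(tvb, pinfo, tree)
    if tvb:len() < 4 then return 0 end      -- too short to hold the command
    pinfo.cols.protocol = "OFX"
    local subtree = tree:add(ofx, tvb())
    local range = tvb(0, 4)
    subtree:add(f_command, range)

    -- Add the matching convenience field and mark it generated, so it
    -- is shown in [brackets] as derived data rather than hidden.
    local flag = f_by_value[range:uint()]
    if flag then
        local item = subtree:add(flag, range)
        item:set_generated()
    end
    return tvb:len()
end

DissectorTable.get("udp.port"):add(9999, ofx)
```

With this loaded, both ofx.command == 1 and the presence filter ofx.command.add match the same packets; unknown command values simply get no convenience field.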
