Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: string manipulation

From: Guy Harris <guy () alum mit edu>
Date: Mon, 25 Jan 2010 13:47:22 -0800

On Jan 25, 2010, at 1:37 PM, Brian Oleksa wrote:


Does each packet have to have it's own hf_value..??


Each *packet* doesn't have to have its own hf_ value.

Each *field in the protocol* *is* supposed to have its own hf_ value.


Or could I just use 
something like that following for all strings (hf_helen_text)..??

       { &hf_helen_text,
           { "Text", "helen.text", FT_STRING, BASE_NONE, NULL, 0x0,
               "Text", HFILL}}


You could, but that would be wrong.

It would mean that either

        1) all text fields would look like

                Text: {string value}

or

        2) you'd have to use proto_tree_add_string_format() and do extra work for no benefit.

It would also mean that if somebody wanted to find packets where a *particular* string, such as the flow name, had a 
particular value, they couldn't just do

        helen.flowname == "test"


I am also fixing all the places where I used "hf_helen_length".
What is wrong with using hf_helen_length (as this could be very generic)..??


What's wrong with it is that it's *too* generic. :-)  See above.


For example... would you create a hf_value such as (hf_helen_nos) for 
the following example..??

                   // Number of Satellites:
                       guint8 nos;
                       nos = tvb_get_guint8(tvb,offset);
                       proto_tree_add_uint_format(helen_sub_tree, 
hf_helen_length, tvb, offset, 1, 0,
                               "Number of Satellites: %d", nos);


I would most definitely do so!  That's how Wireshark dissectors are supposed to work.


What would this hf_item look like..?? Would it look something like this..??

       { &hf_helen_nos,
           { "nos", "helen.len", FT_UINT8, BASE_DEC, NULL, 0x0,
               "nos", HFILL}},


No, it would look like

      { &hf_helen_nos,
           { "Number of Satellites", "helen.nos", FT_UINT8, BASE_DEC, NULL, 0x0,
               "Number of satellites", HFILL}},

although the second "Number of satellites" could give more detail - it's used in tooltips as a description of the field.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: