Re: Displaying a Manipulated string in the dissector.

[Guy Harris <guy () alum mit edu>]

On Jun 1, 2010, at 11:24 PM, Craig Bumpstead wrote:

> I have a 256 Byte FT_STRING that holds address information. Is it possible to display that information in a human 
> readable format? i.e Address, state etc in the dissector?

What does "manipulated" mean in this context?

Does it mean that

        1) the string isn't taken directly from the packet data, it's synthesized out of various other bits of 
information;

        2) the string *is* taken directly from the packet data, and has a bunch of information in it, and is parsed 
into address, state, etc.;

        3) something else?

If 1), I'd recommend *not* having the string as a data field itself, but to either put the individual items into the 
protocol tree directly, possibly under an FT_NONE field that shows a human-readable summary of the fields.

If 2), I'd suggest making the FT_STRING as a top-level item, and adding separate items underneath it for the various 
items you get from it when you parse it.  You *could* make the display representation of the FT_STRING be something 
other than the raw contents of the string (use proto_tree_add_string_format_value()).

If 3), well, it depends on what else it is....
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe