Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: displaying header field without filtering capability

From: Evan Huus <eapache () gmail com>
Date: Wed, 19 Feb 2014 17:24:11 -0500
You could use proto_tree_add_text but that is strongly recommended
against. Why do you want to explicitly disallow filtering? If the
field is reserved and not important you could just not add any item at
all, and skip that byte entirely...

On Wed, Feb 19, 2014 at 4:17 PM, John Dill <John.Dill () greenfieldeng com> wrote:


I'm trying to add a header field for spare bytes in a custom dissector.

Currently, I'm creating a header field for a 'Spare' data element in a
'Status' message, as shown in the example below:

\code snippet
{
  &hf_Spare,
  {
    "Spare",
    "msg.Status.Spare",
    FT_UINT8,
    BASE_HEX,
    NULL,
    0x0,
    "Spare",
    HFILL
  }
},
\endcode

Later I have a function that processes the 'Status' message components.

void dissect_message_Status(tvbuff_t* tvb, gint offset, proto_tree *tree)
{
  proto_tree_add_item(tree, hf_Field1, tvb, offset,     1, ENC_BIG_ENDIAN);
  proto_tree_add_item(tree, hf_Spare,  tvb, offset + 1, 1, ENC_BIG_ENDIAN);
  proto_tree_add_item(tree, hf_Field2, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
}

Visually it works great in the Packet Details pane.  The issue is that I
don't want to allow any filtering based on the 'Spare' data field when the
user is editing a Filter Expression.

What is the recommended method to handle this scenario?  Do I need to remove
the hf_Spare structure from the hf_register_info array and use something
like proto_tree_add_text?  I also see something about PROTO_ITEM_SET_HIDDEN,
but it doesn't look like it applies.

Thanks,
John Dill


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: