Wireshark mailing list archives
Re: Undissected reserved fields
From: mmann78 () netscape net
Date: Fri, 27 Feb 2015 15:32:07 -0500
To me this is a granularity/filter issue. For dissectors that I don't personally use (but want to increase filterability), I try to put as many reserved bytes into a single hf_ field, mostly out of laziness (for those that care more about the protocol to clean up/decide granularity). But it does give other users of the dissector a chance to find them with "myprotocol.reserved". Is that better than "myprotocol && _ws.reserved"? not sure. For dissectors I personally use, I still usually don't create an individual reserved field for each place one could be, so if I want to find "all" I don't have a really long filter. You also want consistency so that all protocols use the same convention, so we don't end up with "myprotocol.reserved" for some cases and requiring "myotherprotocol && _ws.reserved" in others. Since we're already far down the "myprotocol.reserved" road now, I'd prefer to stay there rather than update all of the current reserved fields. -----Original Message----- From: Evan Huus <eapache () gmail com> To: Developer support list for Wireshark <wireshark-dev () wireshark org> Sent: Fri, Feb 27, 2015 2:55 pm Subject: Re: [Wireshark-dev] Undissected reserved fields Should Wireshark have an internal _ws.reserved FT_BYTES field and a proto_tree_add_reserved(tvb, offset, len) API? On Fri, Feb 27, 2015 at 2:36 PM, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
+1 On 02/27/15
14:04, mmann78 () netscape net wrote:
What I've done is usually setup a
FT_UINT32 and/or a FT_BYTES (with
different abbreviations) and that's
usually inclusive enough (maybe if
I'm feeling generous setup a FT_UINT8
though FT_UINT32). If dissectors
only have FT_UINT8 "reserved" fields, then
I just add that. But I
rarely look to give each reserved field a unique
name.
-----Original Message----- From: Graham Bloice
<graham.bloice () trihedral com>
To: Developer support list for Wireshark
<wireshark-dev () wireshark org>
Sent: Fri, Feb 27, 2015 1:43 pm Subject:
Re: [Wireshark-dev] Undissected reserved fields
How do we handle the
case where a protocol has many reserved fields, do
they each need an hf and
a name?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Undissected reserved fields Dario Lombardo (Feb 27)
- Re: Undissected reserved fields Jeff Morriss (Feb 27)
- Re: Undissected reserved fields Graham Bloice (Feb 27)
- Re: Undissected reserved fields mmann78 (Feb 27)
- Re: Undissected reserved fields Jeff Morriss (Feb 27)
- Re: Undissected reserved fields Evan Huus (Feb 27)
- Re: Undissected reserved fields mmann78 (Feb 27)
- Re: Undissected reserved fields Graham Bloice (Feb 27)
- Re: Undissected reserved fields Jeff Morriss (Feb 27)
- Re: Undissected reserved fields Sean O. Stalley (Feb 27)