Wireshark mailing list archives
Re: Does proto_deregister_field really work?
From: Guy Harris <guy () alum mit edu>
Date: Mon, 28 May 2018 12:04:15 -0700
On May 28, 2018, at 9:29 AM, Richard Sharpe <realrichardsharpe () gmail com> wrote:
This is in relation to the radiotap headers for HE and HE-MU (and more).
"More" as in MCS, VHT, HE-MU-other-user, HE-MU, and HE, all of which have "known" flags.
The issue is that there are fields in those headers that are unknown unless the appropriate known bit is set to true elsewhere in the header. The approach I took initially was to have two header types: 1. One for when the field was known, and 2. One for when the field was unknown where the search string had unknown in it I would then use the appropriate HF in the code. However, people have complained that this is weird. My thinking was: 1. I don't like it when fields are not dissected, and 2. By using a different search string when a field is unknown we would not get false positives (usually the field is 0, but 0 is usually also a valid value wen the field is known.) An alternative is to change the label associated with the field to include the word unknown,
This is unwise. A given named field shouldn't change its properties over time. Don't do that. Perhaps there should be a "not present in this packet" flag in the flags field of a field_info structure, which could be set in these cases. There might be other places where the bytes/bits for a given field are always present in the packet, but are not used unless the "XXX is present" flag is set elsewhere in the packet. (Perhaps there should also be a "the bits of this field do not constitute a valid value in the encoding used for the field" flag, to use with, for example, invalid strings in the character encoding of a string.) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Does proto_deregister_field really work? Richard Sharpe (May 09)
- Re: Does proto_deregister_field really work? Peter Wu (May 27)
- Re: Does proto_deregister_field really work? Richard Sharpe (May 28)
- Re: Does proto_deregister_field really work? Paul Offord (May 28)
- Re: Does proto_deregister_field really work? Guy Harris (May 28)
- Re: Does proto_deregister_field really work? Richard Sharpe (May 28)
- Re: Does proto_deregister_field really work? Peter Wu (May 27)