Apologies if this came through twice...I didn't see it make it into a
digest.
I think I'm missing something pretty basic on dissectors around reusing
subsets of a protocol vs. the need to enumerate everything in the hf[]
array.
I can illustrate by a sample protocol foo; in pseduo-code:
enum {
init = 0,
response,
send,
receive
} MessageType
struct {
MessageType type;
UINT8 data[];
} Foo;
struct {
UINT16 length;
UINT8 data[];
} Payload;
struct {
UINT32 count
struct Payload data;
} InitMessage;
struct {
UINT32 index;
struct Payload data;
} SendMessage;
The basic version would be to have an hf[] array with:
{hf_foo_type, "foo.type"},
{hf_foo_init_count, "foo.init.count"},
{hf_foo_init_payload_length, "foo.init.payload.length"},
{hf_foo_init_payload_data, "foo.init.payload.data"},
{hf_foo_send_index, "foo.send.index"},
{hf_foo_send_payload_length, "foo.send.payload.length"},
{hf_foo_send_payload_data, "foo.send.payload.data"},
and I'd just parse through field-by-field, however this gets incredibly
unwieldy as the number of messages and reuse of structures increases.
What I want to do:
proto_tree_add_item(hf_foo_type, ..);
switch (message)
{
case init:
proto_tree_add_item(hf_foo_init_count, ...);
foo_add_payload(...);
break;
case send:
proto_tree_add_item(hf_foo_send_index, ...);
foo_add_payload(...);
break; }
When I want to filter messages for a specific payload length, I'd want
to be able to search for foo.init.payload.length or
foo.send.payload.length -- but I'm not sure how the payload.length gets
added to the parent tree.
Can someone point me to a dissector that already solves this problem or
point me at the relevant routines?
Thanks in advance!
Ken
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
