Re: About hidden fields and generated fields ...

[Pascal Quantin <pascal.quantin () gmail com>]

2013/8/13 DbdM Tbt <spin.x2k () gmail com>

> Good day to all.
> Please bear with me as I am still learning the ins and outs of formatting
> dissector output.
> I have come across a discussion about hidden fields and generated fields.
> http://www.wireshark.org/lists/wireshark-dev/201110/msg00257.html
>
> I am curious about this because I have a filter requirement.
>
> Let's say there is a field called 'command'
> +---------+
> | field 1 |
> +---------+
> | command |
> +---------+
> | field n |
> +---------+
>
> 'command' can have 3 values.
> add (1), modify (2), delete (3)
>
> From what I have currently seen so far, the 'command' field is first
> 'registered' through a 'static hf_register_info' variable into
> proto_register_field_array()
>
> So for the 'command' field it will look something like:
> { &ofx_command, { "Command", "ofx.command", FT_UINT32, BASE_DEC,
> VALS(cmd_vals), NO_MASK, "Command", HFILL } }
> Hence, 'ofx.command' will become the filter name.
>
> Now I would like to create a 'convenience filter' (I don't know the
> correct term) for the 3 values.
> ofx.command.add
> ofx.command.modify
> ofx.command.delete
>
> With what I know, I will implement this by:
> 1. register additional 3 'static hf_register_info' entries for each filter.
> 2. and use hidden fields so that wireshark will display only 1 field.
> This will be so that the filter ofx.command and for example,
> ofx.command.add (assuming the value is add(1)), will work simultaneously.
>
> But based on what I have read, hidden fields are deprecated and/or
> discouraged (?).
>
> How would more experienced dissector developers go around this?
>
> And from the discussion that I linked at the start, there is a mention
> about 'generated fields'
> I tried searching in google and the archives for the above keyword but no
> clear information as to what are they and how they are implemented (how
> they look?).
> Can anyone share some info about this?
>
> Thank you very much,
> David
Hi David,

is a filter ofx.command.add really more convenient than ofx.command ==
"add" ? I believe it's really not worth the hassle.
Regarding generated fields, have a look at PROTO_ITEM_SET_GENERATED()
chapter in doc/README.developer file and look for examples in
epan/dissectors folder.

Best regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe