Re: Exposing the encoding of fields

[Guy Harris <guy () alum mit edu>]

On Oct 12, 2017, at 1:53 PM, Sultan, Hassan via Wireshark-dev <wireshark-dev () wireshark org> wrote:

> Sorry for going silent for a while, I had to step away from my Wireshark-based project for a while.
>  
> Looking at the code of Wireshark, unless I misunderstood it, it seems that the encoding of fields (aside of 
> big/little endian for integers) is not exposed in field_info/header_field_info ?

header_field_info is for a named field, not for an instance of a named field; not all instances of a named field have 
the same encoding, so the encoding isn't present there.

The encoding isn't currently stored in the field_info structure.  Storing it there might increase the memory 
requirements of dissection, but there might be ways of avoiding that.

For example, if, for fields extracted from packet data rather than calculated from packet data or other data, the field 
value could be determined from information in the field_info structure, we could eliminate the fvalue_t and, if the 
value is needed, extract it when needed.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe