Re: [Wireshark-commits] master 8d65ccf: Show answers a line at a time, after the request frame and time delta.

["Maynard, Chris via Wireshark-dev" <wireshark-dev () wireshark org>]

> -----Original Message-----
> From: Guy Harris [mailto:guy () alum mit edu]
> Sent: Wednesday, December 25, 2019 4:50 PM
> To: Maynard, Chris <Christopher.Maynard () IGT com>
> Cc: Developer support list for Wireshark <wireshark-dev () wireshark org>
> Subject: Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show
> answers a line at a time, after the request frame and time delta.
>
> On Dec 25, 2019, at 1:35 PM, Maynard, Chris
> <Christopher.Maynard () IGT com> wrote:
>
> > On Dec 25, 2019, at 3:19 PM, Guy Harris <guy () alum mit edu> wrote:
> >
> > > And, given that, is there any need to show the full text in the top-level item?
> >
> > Well, showing the full text allows for full "Copy -> Value" to continue to work,
> and including the full text in a single "whos.answer" should, in theory at least,
> allow for pattern matching with the matches operator across lines, which the
> current implementation no longer allows.
>
> What's displayed to in the packet details pane and what's the value of the field
> from the point of view of Copy > Value and of operators testing the field value
> aren't necessarily the same.  (From the internal point of view, a field_info
> structure:
>
>         typedef struct field_info {
>             header_field_info   *hfinfo;          /**< pointer to registered field
> information */
>             gint                 start;           /**< current start of data in field_info.ds_tvb
> */
>             gint                 length;          /**< current data length of item in
> field_info.ds_tvb */
>             gint                 appendix_start;  /**< start of appendix data */
>             gint                 appendix_length; /**< length of appendix data */
>             gint                 tree_type;       /**< one of ETT_ or -1 */
>             guint32              flags;           /**< bitfield like FI_GENERATED, ... */
>             item_label_t        *rep;             /**< string for GUI tree */
>             tvbuff_t            *ds_tvb;          /**< data source tvbuff */
>             fvalue_t             value;
>         } field_info;
>
> has a "rep" field, showing the "string for GUI tree" (or for the output of tshark -
> V, or...), and a "value" field, storing the field value.

Yes, of course, I'm fully aware of that.  But displaying the full text, even if truncated, allows one to at least view 
part of the answer (if not all of it in some cases) without necessarily needing to expand it to view each line.
- Chris











CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and 
may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the 
addressee. If you are not the intended recipient and have received this message in error, please delete this message 
from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is 
strictly prohibited.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe