Andrew Schweitzer wrote:
> Ok, I think I got it, thanks. So I guess the hf[] array is just a flat
> repository for information about how to display fields in the gui?
The hf[] array is a list of all the fields the dissector *could* use
when dissecting a packet. It has nothing whatsoever to do with what it
*will* use for any *particular* packet.
> I suppose we use comments and field names (e.g.
> "field.subfield.subsubfield") to clarify what we are adding?
The field names are used in display filters, so you should choose field
names suggestive of what the field represents.
A dissector developer can use comments for whatever purpose they want;
there is no convention for using particular comments for hf[] array
elements.
> so hf[] might look like this:
> hf[] = {
> //Header fields
> .... - actual declarations -
> //Msg type X fields
> .... - actual declarations -
> //Msg type X+1 fields
> ... - actual declarations -
It could look like that, yes. (This is a private dissector, I assume;
if you want to submit it for inclusion in Wireshark, don't use C++/C99
comments - not all C compilers with which Wireshark is compiled accept
them.)
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
