Thanks! I used the private_data method and it worked perfectly. Another thing i would like to do is register the CIC i got, using proto_register function, to allow me to filter the capture files using cic as criteria. Is that possible? Sorry if this is a dumb question, my experience with wireshark is really limited. What i did to build and show the cic is this:
converted 21 May ‘13, 10:43 Guy Harris ♦♦ |
One Answer:
(OK, that's a separate question, so I made it into a separate question; this is a Q&A site, not a forum, so separate questions should be separate. The idea is that somebody who has a particular question can look here to see if it's already been answered and, if so, use the existing answer.) The CIC appears to be a 16-bit field, displayed in decimal. Therefore, you should:
And that's it! You might want to pass
to flag it as "generated" to indicate that it's not solely derived from your protocol's data. answered 21 May '13, 10:53 Guy Harris ♦♦ |
My original answer-to-a-question-in-a-comment (before Guy wisely converted that comment into this new question; I'm leaving it as a comment because it's mostly redundant with Guy's more-complete answer above):
As the name implies, only protocols should be registered with
proto_register()
. To make fields filterable you need to add them withproto_tree_add_item()
(preferred) or, for example (and which would actually be better in your case),proto_tree_add_uint()
. The hf entry is what makes the field filterable.(As a general note: anything you add to the tree with
proto_tree_add_text()
is not filterable; therefore that function is strongly discouraged except for some uses as described in README.developer.)Thank you very much Guy and Jeff, for the help. It worked great!
Just a small heads up, the
tree
argument onproto_tree_add_uint()
comes first, like this:proto_tree_add_uint(hf_{protocol}_cic, tup_tree, tab, 0, 0, cic);