Ethereal-dev: [ethereal-dev] Filtering "enumerated" fields symbolically

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Tue, 28 Sep 1999 21:51:25 -0700
> 1) Lots of information is duplicated during the proto_tree_add_item call,
> not to mention the call has to be proto_tree_add_item_format().
> 
>   usage:
> 	proto_tree_add_item_format(bf_tree, hf_sna_rh_rri, offset, 1, rh_0 & 80,
> 	  decode_enumerated_bitfield(rh_0, 0x80, 8, sna_rh_rri_vals, "%s"));

	...

> 2) Furthermore, because the proto_tree code treats bitfields as ordinary
> ints, the values are bit-shifted. For the value of the SNA field "FID":
>      0 0 1 0  . . . .   FID = 2
> 
>      the display filter would have to be: "sna.th.fid == 0x20", but it really
> should be "sna.th.fid == 0x2".

Speaking of display filters and enumerated fields, it might be nice to
have some way of specifying values for enumerated fields (whether
bitfields or not) symbolically, e.g. if ARP fields were entered with
"proto_tree_add_item()", you might want to do something like

	arp.protocol_type == {IP}

or

	arp.protocol_type = "IP"

rather than having to do

	arp.protocol_type = 0x0800

(although the latter should be allowed, if possible, as well).
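
An added example, not part of the original message and not Ethereal's own code: one way the two ideas in this thread could fit together, resolving a filter operand written as {IP}, "IP" or 0x0800 against a name table, and shifting a masked bitfield down so that FID compares equal to 2. The names enum_val, arp_proto_vals, bitfield_value and resolve_operand are hypothetical, the table rows are constructed, and the 0xF0 mask for FID is an assumption read off the bit diagram quoted above.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical name table type (not Ethereal's own); the sample row is constructed. */
struct enum_val { uint32_t value; const char *name; };
static const struct enum_val arp_proto_vals[] = { { 0x0800, "IP" }, { 0, NULL } };

/* Mask a bitfield and shift it down to bit 0: raw 0x20 under mask 0xF0 gives 2. */
static uint32_t bitfield_value(uint32_t raw, uint32_t mask)
{
    if (mask == 0) return 0;
    raw &= mask;
    while ((mask & 1) == 0) { mask >>= 1; raw >>= 1; }
    return raw;
}

/* Resolve {NAME}, "NAME" or a number; returns 0 and stores the value, else -1. */
static int resolve_operand(const char *text, const struct enum_val *vals, uint32_t *out)
{
    size_t len = strlen(text);
    char *end; unsigned long n;
    if (len >= 2 && ((text[0] == '{' && text[len - 1] == '}') ||
                     (text[0] == '"' && text[len - 1] == '"'))) {
        for (; vals->name != NULL; vals++)
            if (strlen(vals->name) == len - 2 &&
                memcmp(vals->name, text + 1, len - 2) == 0) {
                *out = vals->value;
                return 0;
            }
        return -1;                        /* unknown symbolic name */
    }
    if (!isdigit((unsigned char)text[0])) return -1;  /* "", "-1", bare names */
    errno = 0;
    n = strtoul(text, &end, 0);           /* base 0 accepts 0x0800 and 2048 */
    if (errno == ERANGE || *end != '\0' || n > 0xFFFFFFFFUL) return -1;
    *out = (uint32_t)n;
    return 0;
}

int main(void)
{
    uint32_t v = 0;
    int rc = resolve_operand("{IP}", arp_proto_vals, &v);
    printf("rc=%d value=0x%04x fid=%u\n", rc, (unsigned)v, (unsigned)bitfield_value(0x20, 0xF0));
    return 0;
}
```

An unknown name is reported as an error rather than silently treated as zero, so a mistyped symbolic value cannot turn into a filter that matches the wrong packets.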