Wireshark-dev: Re: [Wireshark-dev] Protocol tree - indicating a missing value
From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Thu, 2 Nov 2017 10:37:21 +0100
Hi Paul,

2017-11-02 10:17 GMT+01:00 Paul Offord <Paul.Offord@xxxxxxxxxxxx>:

Hi,

 

Is it possible to add an item to the protocol tree but indicate in some way that the value for the field is missing?  I want to produce something like this:

 

Frame 13: 155 bytes on wire (1240 bits), 155 bytes captured (1240 bits) on interface 0

Ethernet II, Src: 00:00:00_0b:ab:e1 (00:00:00:0b:ab:e1), Dst: 00:00:00_0b:ab:e1 (00:00:00:0b:ab:e1)

Babel Data Scope

    Message header

    Log Data

        host: 192.168.5.4

        identid: -

        userid: mattyo

        datetime: [30/Oct/2017:08:12:36 +0000]

        request: POST /TimeRec.php HTTP/1.1

        response code: 302

        bytes returned: -

 

In this mock up, identid and bytes returned values are missing.

 

I’ve tried using:

 

        proto_tree_add_item(tree, p_hf->hfinfo.id, tvb, 0, -1, ENC_NA);

 

where p_hf points to the correct field entry in the hf_register_info array but that results in Malformed Packet errors.

 

 

Any ideas?


Empty / missing fields are supported for FT_BYTES and FT_UINT_BYTES. If I remember correctly, this is displayed when the length is 0 bytes long. This is not expected for other types of items.

Pascal.