THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Does Wireshark provide the ability to lookup strings like it does for values?

The value_string's are useful for mapping numbers to strings, but I'm looking for a way to map strings to other strings. For example, a protocol might contain an abbreviation or acronym for a longer string and I'd like to lookup/display the longer string instead of the abbreviated string. I know I can use BASE_CUSTOM for this, but before I do, I was wondering if there was already something built in to Wireshark that supports this.

Examples:

For value_string, we might have:

static const value_string foo_vals[] = {
    {1, "Hello World"},
    {2, "Goodbye Cruel World"},
    {0, NULL}
};

... but I want something like a string_string:

static const string_string foo_vals[] = {
    {"HW", "Hello World"},
    {"GCW", "Goodbye Cruel World"},
    {NULL, NULL}
};

Thanks.

cmaynard's avatar
11.1k
cmaynard
asked 2019-12-02 19:21:48 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

OK, I now see that string_string is already defined in value_string.[h|c], as well as str_to_str() and friends. I missed it as I had been looking in doc/README.dissector and saw no mention of it. In any case, this is what I was looking for, so this answers my question.

cmaynard's avatar
11.1k
cmaynard
answered 2019-12-02 19:45:16 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer