Wireshark-dev: Re: [Wireshark-dev] expert_add_info_format() usage with undecoded/unknown data
Hi,
The possibility to make a Display filter on 'expert data' seems very
good to me.
It could permits to see all packets where there is an error (or ...).
Seems an important feature to me.
But, I think it does not exist.
So, "gg.unknown" is the way to do.
Same way to do into packet-tcp.c : "hf_tcp_checksum_bad" ...
Note that you can filter using "gg.unknown" without any value (if you
add your "unknown" field only "when something unknown happens").
See also : http://wiki.wireshark.org/Development/ExpertInfo
Olivier
Jakub Zawadzki a écrit :
Hi,
I'm developing new gadu-gadu dissector (see bug #3256),
I'm also developer of gadu-gadu protocol library - libgadu,
so it'll be nice if sniffer (i.e. wireshark) notify me about new stuff in protocol
(for instance when magic field change, or when we receive packet longer
than suspected)
expert_add_info_format(..., PI_UNDECODED, PI_WARN, "Foo happens!");
/* by the way is PI_WARN good severity? */
works nice, however I'd like this packet to be hightlight in packet list
without expading tree, (yes, I know about Expert Info window)
I thought about creating some field hf_gg_unknown (gg.unknown) set it
when something unknown happens.
and inside GUI add new coloring rule, when gg.unknown = 1, paint it with
red background.
Is this acceptable method? Or am I'm inventing the wheel and I can
highlight packets (not only fields in tree) with 'expert data' with some
configuration option?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
--
Wireshark Generic Dissector http://wsgd.free.fr
