Ethereal-dev: Re: [Ethereal-dev] Suggested expansion of Expert Statistics

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Fri, 21 Oct 2005 02:30:06 +0200
Greg Morris wrote:

List,
I would like to expand the expert_info_t struct in /epan/expert.h to include more data for filtering. I would also like to expand the number of parameters passed to expert_add_info_format() to include the label of the item to search. For example packet-tcp.c calls expert_add_info_format like this...

expert_add_info_format(pinfo, flags_item, PI_SEQUENCE, PI_NOTE, "Retransmission (suspected)");

I would like to add a parameter to indicate the item to search or filter data on. (tcp.analysis.retransmission).

There's no need to, as flags_item points to that information so no additional parameter is needed.

I would like to store this inside the expert_info_t struct for later use by my combined expert statistics feature so that the user can easily filter/colorize/find packets matching the expert condition. (similar to functionality in SRT)

Please don't explain by referring to SRT statistics only. There are a lot of different ways statistics are done, and most people (including me) don't know them all.

/** only for internal and display use */
typedef struct expert_info_s {
    guint32 packet_num;
    int group;
    int severity;
    gchar * protocol;
    gchar * summary;
    gchar * fvalue_label;             /* add for filter support */
} expert_info_t;

I would also like to modify the expert tap to trap for the value of the fvalue label.

"the expert tap to trap for the value of the fvalue label"?!? I didn't know that we are using traps in Ethereal ...

I assume that I could make a call to fvalue_() functions to retrieve the actual value but we may be better off actually passing the value and storing that in the expert_info_t struct as well. Ideas? comments? Currently my combined expert statistics

what is your combined expert statistics?!?

will search the internet (google) for the summary string and protocol. I would also like to add the ability to search and filter within Ethereal. But to do that I need some reference to build the filter syntax. If nobody believes this to be a good idea I can drop these features.

Conclusion:
Sorry, but I just don't really understand what you are talking about. As I've seen often on this list before, you are trying to describe a solution. However, you simply forgot to describe the problem which you are trying to solve. This makes it very hard to understand and even harder to give any suggestions on this. Some questions come to mind (probably incomplete):

What is the problem you are trying to solve?
What is the benefit to gain?
Can it currently be solved in a different (but probably inconvenient) way or not at all?
In which (use-)cases will it be helpful (and in which not)?
What are the steps to use it?
...

Regards, ULFL