Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Expert info missing entries

From: Andrej Mikus <wireshark-dev@xxxxxxxx>
Date: Wed, 28 Mar 2007 22:57:18 +0200
Hi,

I do not know if I do something special to reproduce the problem. My dissector
is filling plenty of expert info using approach like:

     guint16 type, assign_length;
     proto_item *le, *item;

     assign_length = tvb_get_ntohs(tvb, offset);
     le = proto_tree_add_text(info_tree, tvb, offset, 2,
         "Assignment Length: %u", assign_length);
     offset += 2; length -= 2;

     if (length != assign_length) {
         proto_item_append_text(le, " (should be %u)", length);
         expert_add_info_format(pinfo, le, PI_MALFORMED, PI_ERROR,
             "Component size mismatch (is %u, should be %u)",
             assign_length, length);
     }

If expert_dlg_init contains cf_retap_packets(&cfile, FALSE); and I open my
capture file, in expert info composite I see 40 messages, while detail info
gives none, even not exceptions when packet is malformed. Applying your patch
I've got it working as expected.

Just now (Last Changed Rev: 21210), for the sake of test I called
expert_add_info_format without protocol item:

    expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN,
        "test... must be %u", WCCPv1);

    if(tree != NULL) {
       expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_WARN,
           "test... tree != NULL");
    }

Result, Expert Info dialog contains only first entries, added with
tree == NULL. To me it matches your questions in initial post.

How does colour highlighting relate to the issue? For me it does not
make any difference.

Regards
Andrej

On Tue, 27.Mar.07 10:42:55 +0100, Martin Mathieson wrote:
> Hi Andrej,
> 
> There wasn't any follow-up to my query.  I'm afraid I've come to
> prefer the 'Expert Info Composite' view.
> 
> I just tried to reproduce the problem with my up-to-date build (it
> doesn't have the patch from the previous email), and everything looks
> OK.  I disabled colour highlighting and the flat 'Expert Info' view
> still gets populated.
> 
> Can you check if this problem has been fixed, or else describe in
> detail how to reproduce the problem?
> 
> Best regards,
> Martin
> 
> On 3/26/07, Andrej Mikus <wireshark-dev@xxxxxxxx> wrote:
> > Team,
> >
> > I came across a problem that is described in posting
> > http://www.wireshark.org/lists/wireshark-dev/200607/msg04326.html
> >
> > I can confirm that the change as described there works, e.g.
> > in expert_dlg_init() I call:
> >    cf_redissect_packets(&cfile);
> > instead of
> >    cf_retap_packets(&cfile, FALSE);
> >
> > I was not able to locate any followup on the posting.
> > Is this problem not important? I am adding many expert infos in my
> > dissector, and would like to understand if they should appear in the
> > expert info list or not.
> >
> > Alternatively, can someone try to figure out why the expert_item value
> > is null when performing a retap (this is from the comment in
> > expert_comp_dlg.c)? I am afraid I would need too much time for it.
> >
> > Thanks in advance
> > Andrej
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev