Wireshark-dev: Re: [Wireshark-dev] expert_add_info_format() usage with undecoded/unknown data

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 25 Feb 2009 01:57:10 -0800

On Feb 24, 2009, at 1:26 PM, wsgd wrote:

> I have tried your patch (on wireshark 1.1.3).
> Seems to work well.
>
> Explanations for other people:
>
> On each field where an expert info has been declared,
> a subtree Expert Info is added with
> a field Severity with its value: Error, ...
> a field Group with its value: Checksum, Malformed, ...

...and without the actual text of the expert information.

It would probably be more useful *with* the text of the expert information; as long as we're adding the expert information to the protocol tree, we might as well show what the problem is.

I've attached a version of Jakub's patch that does that as well.

In addition, it might be useful to have a way to register particular expert information indications, so that you could search for packets with *specific* problems. For those, you might have a particular indication registered as a pseudo-field for a protocol, e.g. "tcp.bad_checksum" if we used expert information to report bad TCP checksums. That item could be added underneath the top-level "Expert Info" item, along with the severity and group.

Index: epan/expert.c
===================================================================
--- epan/expert.c	(revision 27539)
+++ epan/expert.c	(working copy)
@@ -36,9 +36,15 @@
 
 
 static int expert_tap = -1;
+static int proto_expert = -1;
 static int highest_severity = 0;
 
+static int ett_expert = -1;
+static int ett_subexpert = -1;
 
+static int hf_expert_group = -1;
+static int hf_expert_severity = -1;
+
 const value_string expert_group_vals[] = {
 	{ PI_CHECKSUM,		"Checksum" },
 	{ PI_SEQUENCE,		"Sequence" },
@@ -65,10 +71,30 @@
 void
 expert_init(void)
 {
+	static hf_register_info hf[] = {
+		{ &hf_expert_group, 
+			{ "Group", "expert.group", FT_UINT32, BASE_HEX, VALS(expert_group_vals), 0, "Wireshark expert group", HFILL }
+		},
+		{ &hf_expert_severity, 
+			{ "Severity level", "expert.severity", FT_UINT32, BASE_HEX, VALS(expert_severity_vals), 0, "Wireshark expert severity level", HFILL }
+		}
+	};
+	static gint *ett[] = {
+		&ett_expert,
+		&ett_subexpert
+	};
+
 	if(expert_tap == -1) {
 		expert_tap = register_tap("expert");
 	}
 
+	if (proto_expert == -1) {
+		proto_expert = proto_register_protocol("Expert Info", "Expert", "expert");
+		proto_register_field_array(proto_expert, hf, array_length(hf));
+		proto_register_subtree_array(ett, array_length(ett));
+		proto_set_cant_toggle(proto_expert);
+	}
+
 	highest_severity = 0;
 }
 
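Review bot: the hf[] array registers only `expert.group` and `expert.severity`, so the expert text that the later hunk puts in the item label is not a field and cannot be matched by a display filter. Add an FT_STRING entry alongside the two existing ones, for example `{ &hf_expert_msg, { "Message", "expert.message", FT_STRING, BASE_NONE, NULL, 0, "Wireshark expert information", HFILL } }`, and add the formatted text with `proto_tree_add_string()` under the "Expert Info" item so that searching for a specific problem text works the same way as searching on severity or group.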
@@ -108,6 +134,9 @@
 	int				ret;	/*tmp return value */
 	char			formatted[300];
 	expert_info_t	*ei;
+	proto_tree	*tree;
+	proto_item	*ti;
+	proto_tree	*expert_tree;
 
 
 	/* if this packet isn't loaded because of a read filter, don't output anything */
@@ -132,9 +161,19 @@
 	ei->summary		= ep_strdup(formatted);
 	ei->pitem       = NULL;
 
+	tree = proto_item_add_subtree(pi, ett_expert);
+	ti = proto_tree_add_protocol_format(tree, proto_expert, NULL, 0, 0, "Expert Info (%s/%s): %s", 
+		val_to_str(severity, expert_severity_vals, "?%u?"),
+		val_to_str(group, expert_group_vals, "?%u?"),
+		formatted);
+
+	expert_tree = proto_item_add_subtree(ti, ett_subexpert);
+	proto_tree_add_uint(expert_tree, hf_expert_severity, NULL, 0, 0, severity);
+	proto_tree_add_uint(expert_tree, hf_expert_group, NULL, 0, 0, group);
+
 	/* if we have a proto_item (not a faked item), set expert attributes to it */
 	if(pi != NULL && pi->finfo != NULL) {	
-        ei->pitem       = pi;
+		ei->pitem       = pi;
 		expert_set_item_flags(pi, group, severity);
 	}