Hello,
I have quite a nice list of coloring rules for wireshark which help
diagnose network problems. I find it useful to add a column
frame.coloring_rule.string to display strange packets right away.
Sorting by this column allows to quickly find interesting packets in a
larger tracefiles. Although this is somewhat hindered by the following
bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5703
Now I wanted to make it easier to find packets that are colored by
adding them to the expert infos using expert_add_info_format(...).
I wrote a patch that unfortunately does not work. I would be grateful if
somebody being more familiar with the wireshark code could give me a
hint to why calling expert_add_info_format like I do does not work.
Thanks,
Oliver Ripka
Index: color_filters.c
===================================================================
--- color_filters.c (Revision 36113)
+++ color_filters.c (Arbeitskopie)
@@ -47,6 +47,12 @@
#include "ui_util.h"
#include <epan/prefs.h>
+#include <epan/expert.h>
+#include <epan/epan_dissect.h>
+#include <epan/proto.h>
+#include <epan/epan.h>
+#include <epan/packet_info.h>
+
#define RED_COMPONENT(x) (guint16) (((((x) >> 16) & 0xff) * 65535 / 255))
#define GREEN_COMPONENT(x) (guint16) (((((x) >> 8) & 0xff) * 65535 / 255))
#define BLUE_COMPONENT(x) (guint16) ( (((x) & 0xff) * 65535 / 255))
@@ -450,6 +456,8 @@
{
GSList *curr;
color_filter_t *colorf;
+ proto_item *pit = (proto_item *)(edt->tree->last_child);
+ packet_info *pi = (packet_info * )&(edt->pi);
/* If we have color filters, "search" for the matching one. */
if (color_filters_used()) {
@@ -464,7 +472,13 @@
#ifndef NEW_PACKET_LIST
/* We'll do this in the column cell function instead. */
packet_list_set_colors(row, &(colorf->fg_color), &(colorf->bg_color));
+
+
#endif
+ /* Add color to the Expert Info */
+ expert_add_info_format(pi, pit, PI_PROTOCOL, PI_ERROR, "%s", colorf->filter_name);
+
+
return colorf;
}
curr = g_slist_next(curr);
