
Wireshark-dev: [Wireshark-dev] [Updated patch] New feature: highlight results of find packet

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Tue, 7 Nov 2006 22:07:43 -0800
On Tue, Nov 07, 2006 at 05:25:48PM -0800, Stephen Fisher wrote:

> Attached is a patch that enables Wireshark to highlight in the tree 
> and hex display the results of a search.  This works for both hex and 
> string searches in the Find Packet window.  This is a feature I've 
> wanted forever and Ulf opened it as a feature request in bug 776 :).

Attached is an updated patch that renames the new cfile field from
string_pos to search_pos, since it is used for hex searches as well as
text searches.  I also updated the comment that describes it.


Steve

Index: gtk/main.c
===================================================================
--- gtk/main.c	(revision 19843)
+++ gtk/main.c	(working copy)
@@ -1861,6 +1861,20 @@
     add_main_byte_views(cf->edt);
     main_proto_tree_draw(cf->edt->tree);
 
+    /* The user is searching for a string in the data or a hex value,
+     * highlight the field that is found in the tree and hex displays. */
+#if GTK_MAJOR_VERSION < 2
+    if((cfile.string || cfile.hex) && cfile.search_pos != 0) {
+	    highlight_field(cf->edt->tvb, cfile.search_pos,
+        			    (GtkCTree *)tree_view, cf->edt->tree);
+#else
+    if((cfile.string || cfile.hex) && cfile.search_pos != 0) {
+	    highlight_field(cf->edt->tvb, cfile.search_pos,
+        			    (GtkTreeView *)tree_view, cf->edt->tree);
+#endif
+		    cfile.search_pos = 0; /* Reset the position */
+    }
+
     /* A packet is selected. */
     set_menus_for_selected_packet(cf);
 }
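Review bot: The guard uses `search_pos != 0` as the "a match is pending" signal, so a match whose last byte sits at offset 0 of the frame (for example a one-byte hex search hitting the first byte) is never highlighted; a separate boolean, or a sentinel that cannot be a real offset, would avoid that. The condition also reads the global `cfile` while the rest of the visible function works through the `cf` parameter, and the identical `if` line is duplicated in both `#if` branches with its closing brace after `#endif`. Hoisting it once above the `#if` as `if ((cf->string || cf->hex) && cf->search_pos != 0) {` leaves only the cast inside the conditional. The return value of `highlight_field()` is dropped here, which is fine if intended but worth a short comment. The enclosing function starts outside the hunk.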
Index: gtk/proto_draw.c
===================================================================
--- gtk/proto_draw.c	(revision 19843)
+++ gtk/proto_draw.c	(working copy)
@@ -386,15 +386,10 @@
     GtkText      *bv = GTK_TEXT(widget);
 #else
     GtkTreeView  *tree_view;
-    GtkTreeModel *model;
-    GtkTreePath  *first_path, *path;
-    GtkTreeIter   parent;
     GtkTextView  *bv = GTK_TEXT_VIEW(widget);
     gint          x, y;
     GtkTextIter   iter;
-    struct field_lookup_info fli;
 #endif
-    field_info	 *finfo;
     int           row, column;
     int           byte;
     tvbuff_t     *tvb;
@@ -546,6 +541,34 @@
     /* Get the data source tvbuff */
     tvb = OBJECT_GET_DATA(widget, E_BYTE_VIEW_TVBUFF_KEY);
 
+#if GTK_MAJOR_VERSION < 2
+    return highlight_field(tvb, byte, ctree, tree);
+#else
+    return highlight_field(tvb, byte, tree_view, tree);
+#endif
+}
+
+/* This highlights the field in the proto tree that is at position byte */
+#if GTK_MAJOR_VERSION < 2
+gboolean
+highlight_field(tvbuff_t *tvb, gint byte, GtkCTree *ctree,
+		proto_tree *tree)
+#else
+gboolean
+highlight_field(tvbuff_t *tvb, gint byte, GtkTreeView *tree_view,
+		proto_tree *tree)
+#endif
+{
+#if GTK_MAJOR_VERSION < 2
+    GtkCTreeNode *node, *parent;
+#else
+    GtkTreeModel *model;
+    GtkTreePath  *first_path, *path;
+    GtkTreeIter   parent;
+    struct field_lookup_info fli;
+#endif
+    field_info	 *finfo;
+
     /* Find the finfo that corresponds to our byte. */
     finfo = proto_find_field_from_offset(tree, byte, tvb);
 
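Review bot: `highlight_field()` hands `byte` straight to `proto_find_field_from_offset()` without a range check, and it now has a caller that supplies an offset saved from search state (a `guint32` narrowed to `gint`) rather than one derived from a click inside the byte view. Whether the lookup already rejects out-of-range offsets is not visible in this hunk, so a guard at the top such as `if (byte < 0 || (guint)byte >= tvb_length(tvb)) return FALSE;` would make the contract explicit for offsets that come from capture data. The GTK1 locals `node` and `parent` are declared here, but the earlier hunk only shows the GTK2 locals being removed from `byte_view_select()`, so it is worth confirming the GTK1 build has no leftover unused declarations. The body of `highlight_field()` continues past the end of the hunk.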
Index: gtk/proto_draw.h
===================================================================
--- gtk/proto_draw.h	(revision 19843)
+++ gtk/proto_draw.h	(working copy)
@@ -102,6 +102,24 @@
  */
 extern gboolean byte_view_select(GtkWidget *widget, GdkEventButton *event);
 
+/** This highlights the field in the proto tree that is at position byte
+ *
+ * @param tvb the current tvbuff
+ * @param byte the byte offset within the packet to highlight
+ * @param tree_view the current tree_view
+ * @param tree the current tree
+ * @return TRUE if highlighting was successful
+ */
+#if GTK_MAJOR_VERSION < 2
+gboolean
+highlight_field(tvbuff_t *tvb, gint byte, GtkCTree *ctree,
+		proto_tree *tree);
+#else
+gboolean
+highlight_field(tvbuff_t *tvb, gint byte, GtkTreeView *tree_view,
+		proto_tree *tree);
+#endif
+
 /** Callback for "Export Selected Packet Bytes" operation.
  *
  * @param w unused
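Review bot: The doc comment above the two prototypes documents `@param tree_view`, but the GTK1 prototype names that parameter `ctree`, so generated documentation will not match for that build. I would describe it once as something like `@param tree_view the protocol tree widget (GtkCTree on GTK1, GtkTreeView on GTK2)` and say in `@return` when FALSE is returned. `@param byte` would also be more precise as "byte offset within tvb", since the function takes a tvbuff rather than a packet.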
Index: cfile.h
===================================================================
--- cfile.h	(revision 19843)
+++ cfile.h	(working copy)
@@ -67,6 +67,7 @@
   gboolean     sbackward; /* TRUE if search is backward, FALSE if forward */
   gboolean     hex;       /* TRUE is raw data search is being performed */
   gboolean     string;    /* TRUE is text search is being performed */
+  guint32      search_pos; /* Position of last character found in search */
   search_charset_t scs_type; /* Character set for text search */
   gboolean     case_type; /* TRUE if case-insensitive text search */
   gboolean     decode_data; /* TRUE if searching protocol tree text */
Index: file.c
===================================================================
--- file.c	(revision 19843)
+++ file.c	(working copy)
@@ -2609,6 +2609,8 @@
 	c_match++;
 	if (c_match == textlen) {
 	  frame_matched = TRUE;
+	  cf->search_pos = i; /* Save the position of the last character
+			       for highlighting the field. */
 	  break;
 	}
       } else
@@ -2640,6 +2642,8 @@
       c_match++;
       if (c_match == textlen) {
 	frame_matched = TRUE;
+	cf->search_pos = i; /* Save the position of the last character
+			       for highlighting the field. */
 	break;
       }
     } else
@@ -2671,6 +2675,8 @@
       i++;
       if (c_match == textlen) {
 	frame_matched = TRUE;
+	cf->search_pos = i; /* Save the position of the last character 
+			       for highlighting the field. */
 	break;
       }
     } else
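Review bot: In this hunk the store `cf->search_pos = i;` comes after the `i++` shown in the context line above it, unlike the other three file.c hunks where `i` is saved without a preceding increment. If that increment has already stepped past the matched byte, the saved value is not "the position of the last character" as the comment says, and it could equal the buffer length when the match ends on the final byte of the frame. I would either store the index before the increment or clamp it, and make the comment state which byte is recorded. The loop bounds and the rest of the function are outside the hunk, so this should be checked against the full loop.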
@@ -2697,6 +2703,8 @@
       c_match++;
       if (c_match == datalen) {
 	frame_matched = TRUE;
+	cf->search_pos = i; /* Save the position of the last character 
+			       for highlighting the field. */
 	break;
       }
     } else