Sake Blok wrote:
On Mon, Mar 12, 2007 at 09:59:58PM +0100, Julian Fielding wrote:
Jeff Morriss wrote:
Normally I'd see the use in not changing semantics for a field, but I
don't think the current semantics make any sense at all so I can't
imagine it is being used [therefor it's OK to change it].
It makes no sense in a display filter, but it is useful in a colour filter
or in Edit > Find Packet > By Display filter.
I often use a colour filter to highlight frames with frame.time_delta>x,
where x is something small. Of course it's only meaningful if the
displayed frames are all related in some logical way, but that often
applies because I've used capture or display filters to get such a
display.
I don't mind a name change, but don't want to lose the present
functionality.
That's an interesting use--hadn't thought of that. Glad I asked! :-)
[...]
I did however start to look into the code to see how I could implement
the extra field. I realise that I need to start to understand how
wireshark actually handles frames. Some fields are filled by the
dissector and some fields are filled while looping through the
packets it seems. It will take me some time to understand how this
works and where the field must be generated. Any help on this is
more than welcome.
Look for where "del_ts" is set in "file.c" (Wireshark) and "tshark.c"
(tshark). You'll need a new timestamp in the frame data structure.
Then in packet-frame.c you'll need to put this new timestamp in a new
frame header field, similar to the current field.
