On Mon, Mar 19, 2007 at 10:45:42AM +0800, Jeff Morriss wrote:
>
> > I did however start to look into the code to see how I could implement
> > the extra field. I realise that I need to start to understand how
> > wireshark actually handles frames. Some fields are filled by the
> > dissector and some fields are filled while looping through the
> > packets it seems. It will take me some time to understand how this
> > works and where the field must be generated. Any help on this is
> > more than welcome.
>
> Look for where "del_ts" is set in "file.c" (Wireshark) and "tshark.c"
> (tshark). You'll need a new timestamp in the frame data structure.
>
> Then in packet-frame.c you'll need to put this new timestamp in a new
> frame header field, similar to the current field.
Thanks Jeff, that gives me the proper starting points for writing
the enhancement. I'm glad the bug is marked with Low priority and
Minor severity, that give me the time to grasp all the mechanisms
involved :)
I assigned the bug to myself, I hope that is the proper way to use
bugzilla (as this is my first time to write code to solve an
already listed bug).
Cheers,
Sake
