I have introduced a new feature that I think people will really like
(and has been requested in one or two open bug reports.) It lets you
specify any display filter name as a column by choosing the Custom
column type and putting the display filter name in the description. For
example, go to preferences and add a new column type of custom and put
http.request.uri in the description field. Any http packet with an
http.request.uri field will have its contents displayed in the new
column. It is not yet complete (as explained below), but I wanted to
get it out to everyone to start testing / making suggestions for
improvement on.
I have kept it simple so far in that there is not even a prompt of where
to put the display filter name once you choose a custom column. Any
suggestions on how to improve this? Also the column title has to be the
display filter name right now. If an invalid display filter is entered,
it is silently ignored and a blank column will appear.
Coloring rules do not have to be enabled to see the data from these
fields because the presence of one or more custom columns causes tree to
be created (!= NULL) just like the coloring rules does. This means that
custom columns should be disabled when looking for the highest
performance from Wireshark.
NOTE: There are many fields that are not implemented yet in
epan/proto.c. I will work on finishing these as my time permits.
Anyone else is welcome to work on it also :-). The trick is to call
col_custom_set_fstr(fi->hfinfo->abbrev, "[Format such as %s]", value)
from within proto_tree_set_* functions. Keep in mind that some
proto_tree_set_* functions call others (such as
proto_tree_set_string_tvb calling proto_tree_set_string), so the
col_custom_set_fstr call only has to go in the proto_tree_set_string
call.
