Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] expert_add_info_format() usage with undecoded/unknown data

From: wsgd <wsgd@xxxxxxx>
Date: Tue, 24 Feb 2009 22:26:37 +0100
I have tried your patch (on wireshark 1.1.3).
Seems to work well.

Explanations for other people :

On each field where an expert info has been declared,
a subtree Expert Info is added with
a field Severity with its value : Error, ...
a field Group with its value : Checksum, Malformed, ...

Then you can filter using :
expert
expert.severity == "Error"
expert.severity >= "Warn"
expert.group == "Malformed"
...

Perhaps I want also a filter like this :
<my_proto>.expert...
But I think it is not evident it is a good choice or easy to do and it could be replaced by :
<my_proto> && expert...


Seems very good to me.

When do you plan to deliver it ?



Olivier

Jakub Zawadzki a �crit :
Hi,

On Wed, Feb 18, 2009 at 07:55:02PM +0100, wsgd wrote:
The possibility to make a Display filter on 'expert data' seems very good to me.
It could permits to see all packets where there is an error (or ...).
Seems an important feature to me.

But, I think it does not exist.

I do some work on it, in attachment initial version :)

So, "gg.unknown" is the way to do.
Same way to do into packet-tcp.c : "hf_tcp_checksum_bad" ...

Note that you can filter using "gg.unknown" without any value (if you add your "unknown" field only "when something unknown happens").

I didn't know about that, thanks!
------------------------------------------------------------------------

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


--
Wireshark Generic Dissector http://wsgd.free.fr