Wireshark-dev: Re: [Wireshark-dev] Reduce the number of "fixed columns"?
From: "Anders Broman" <[email protected]>
Date: Mon, 24 Aug 2009 22:56:30 +0200
Hi,
* COL_BSSGP_TLLI: /* done by packet-bssgp.c */
Use bssgp.tlli
I've removed COL_BSSGP_TLLI from packet-bssgp.c
Regards
Anders

-----Ursprungligt meddelande-----
Från: [email protected]
[mailto:[email protected]] För Kovarththanan Rajaratnam
Skickat: den 23 augusti 2009 21:09
Till: [email protected]
Ämne: Re: [Wireshark-dev] Reduce the number of "fixed columns"?

Hey,

Could someone suggest some custom column expressions to use instead of 
the following predefined columns:

* COL_DCE_CALL:  /* done by dcerpc */
* COL_DCE_CTX:   /* done by dcerpc */
* COL_BSSGP_TLLI: /* done by packet-bssgp.c */

Kovarththanan Rajaratnam wrote:
> Hey,
> 
> Those that have responded seem to be in favour of this and no one has 
> objected to this so I've taken the liberty to create a wiki page to 
> document the progress:
> 
> http://wiki.wireshark.org/Development/CustomColumnfication
> 
> Regards,
> Kovarththanan Rajaratn
> 
> Jaap Keuter wrote:
>> Hi,
>>
>> So what you say is keep the metadata and generic protocol elements, the
rest is 
>> protocol specific and should go through custom columns.
>> I can agree with that.
>>
>> Thanx,
>> Jaap
>>
>> Martin Visser wrote:
>>> My take below,
>>> '
>>> With no firm evidence, I would bet that 90% of users are doing pretty 
>>> much vanilla Ethernet packet captures, which is reflected in my thoughts

>>> below. That said, I know I often do 802.11 based captures, but am not 
>>> interested in physical layer information all that much. (And I know 
>>> someone might argue for instance why included 802.1q VLAN tags, which is

>>> very interface specific). Knowing that I can create a custom column for 
>>> them is all I generally need. I also like to see fields 
>>> tcp.analysis.ack_rtt or even tcp.stream, but I wouldn't expect a 
>>> pre-existing column to defined for them.
>>>
>>>
>>> Regards, Martin
>>>
>>> [email protected] <mailto:[email protected]>
>>>
>>>
>>> On Sun, Aug 16, 2009 at 7:17 AM, Anders Broman <[email protected] 
>>> <mailto:[email protected]>> wrote:
>>>
>>>     Hi,
>>>
>>>     Now when we have custom columns could we get rid of some of the
>>>     “fixed” columns?
>>>
>>>     It seems to me that some are not of a general interest.
>>>
>>>      
>>>
>>>     This is  the column enum:
>>>
>>>       COL_8021Q_VLAN_ID,  /* 0) 802.1Q vlan ID */ ****Keep****
>>>
>>>       COL_ABS_DATE_TIME,  /* 1) Absolute date and time */ ****Keep****
>>>
>>>       COL_ABS_TIME,       /* 2) Absolute time */ ****Keep****
>>>
>>>       COL_CIRCUIT_ID,     /* 3) Circuit ID */ ****Keep****
>>>
>>>       COL_DSTIDX,         /* 4) Dst port idx - Cisco MDS-specific */*
>>>     *****Retire****
>>>
>>>       COL_SRCIDX,         /* 5) Src port idx - Cisco MDS-specific */*
>>>     *****Retire****
>>>
>>>       COL_VSAN,           /* 6) VSAN - Cisco MDS-specific */*
>>>     *****Retire****
>>>
>>>       COL_CUMULATIVE_BYTES, /* 7) Cumulative number of bytes */*
***Keep****
>>>
>>>       COL_CUSTOM,         /* 8) Custom column (any filter name's
>>>     contents) */ ****Keep****
>>>
>>>       COL_DCE_CALL,       /* 9) DCE/RPC connection oriented call id OR
>>>     datagram sequence number */* *****Retire****
>>>
>>>       COL_DCE_CTX,        /* 10) DCE/RPC connection oriented context id
>>>     */* *****Retire****
>>>
>>>       COL_DELTA_TIME,     /* 11) Delta time */* ***Keep****
>>>
>>>       COL_DELTA_CONV_TIME,/* 12) Delta time to last frame in
>>>     conversation */* ***Keep****
>>>
>>>       COL_DELTA_TIME_DIS, /* 13) Delta time displayed*/* ***Keep****
>>>
>>>       COL_RES_DST,        /* 14) Resolved dest */* ***Keep****
>>>
>>>       COL_UNRES_DST,      /* 15) Unresolved dest */* ***Keep****
>>>
>>>       COL_RES_DST_PORT,   /* 16) Resolved dest port */* ***Keep****
>>>
>>>       COL_UNRES_DST_PORT, /* 17) Unresolved dest port */* ***Keep****
>>>
>>>       COL_DEF_DST,        /* 18) Destination address */* ***Keep****
>>>
>>>       COL_DEF_DST_PORT,   /* 19) Destination port */* ***Keep****
>>>
>>>       COL_EXPERT,         /* 20) Expert Info */* ***Keep****
>>>
>>>       COL_IF_DIR,         /* 21) FW-1 monitor interface/direction */*
>>>     *****Retire****
>>>
>>>       COL_OXID,           /* 22) Fibre Channel OXID */* *****Retire****
>>>
>>>       COL_RXID,           /* 23) Fibre Channel RXID */* *****Retire****
>>>
>>>       COL_FR_DLCI,        /* 24) Frame Relay DLCI */* *****Retire****
>>>
>>>       COL_FREQ_CHAN,      /* 25) IEEE 802.11 (and WiMax?) - Channel */*
>>>     *****Retire****
>>>
>>>       COL_BSSGP_TLLI,     /* 26) GPRS BSSGP IE TLLI */* *****Retire****
>>>
>>>       COL_HPUX_DEVID,     /* 27) HP-UX Nettl Device ID */*
*****Retire****
>>>
>>>       COL_HPUX_SUBSYS,    /* 28) HP-UX Nettl Subsystem */*
*****Retire****
>>>
>>>       COL_DEF_DL_DST,     /* 29) Data link layer dest address */*
>>>     ***Keep****
>>>
>>>       COL_DEF_DL_SRC,     /* 30) Data link layer source address */*
>>>     ***Keep****
>>>
>>>       COL_RES_DL_DST,     /* 31) Resolved DL dest */* ***Keep****
>>>
>>>       COL_UNRES_DL_DST,   /* 32) Unresolved DL dest */* ***Keep****
>>>
>>>       COL_RES_DL_SRC,     /* 33) Resolved DL source */* ***Keep****
>>>
>>>       COL_UNRES_DL_SRC,   /* 34) Unresolved DL source */* ***Keep****
>>>
>>>       COL_RSSI,           /* 35) IEEE 802.11 - received signal strength
>>>     */* *****Retire****
>>>
>>>       COL_TX_RATE,        /* 36) IEEE 802.11 - TX rate in Mbps */*
>>>     *****Retire****
>>>
>>>       COL_DSCP_VALUE,     /* 37) IP DSCP Value */* *****Retire****
>>>
>>>       COL_INFO,           /* 38) Description */* ***Keep****
>>>
>>>       COL_COS_VALUE,      /* 39) L2 COS Value */* *****Retire****
>>>
>>>       COL_RES_NET_DST,    /* 40) Resolved net dest */* ***Keep****
>>>
>>>       COL_UNRES_NET_DST,  /* 41) Unresolved net dest */* ***Keep****
>>>
>>>       COL_RES_NET_SRC,    /* 42) Resolved net source */* ***Keep****
>>>
>>>       COL_UNRES_NET_SRC,  /* 43) Unresolved net source */* ***Keep****
>>>
>>>       COL_DEF_NET_DST,    /* 44) Network layer dest address */*
***Keep****
>>>
>>>       COL_DEF_NET_SRC,    /* 45) Network layer source address */*
>>>     ***Keep****
>>>
>>>       COL_NUMBER,         /* 46) Packet list item number */* ***Keep****
>>>
>>>       COL_PACKET_LENGTH,  /* 47) Packet length in bytes */* ***Keep****
>>>
>>>       COL_PROTOCOL,       /* 48) Protocol */* ***Keep****
>>>
>>>       COL_REL_TIME,       /* 49) Relative time */* ***Keep****
>>>
>>>       COL_REL_CONV_TIME,  /* 50) Relative time to beginning of
>>>     conversation */* ***Keep****
>>>
>>>       COL_DEF_SRC,        /* 51) Source address */* ***Keep****
>>>
>>>       COL_DEF_SRC_PORT,   /* 52) Source port */* ***Keep****
>>>
>>>       COL_RES_SRC,        /* 53) Resolved source */* ***Keep****
>>>
>>>       COL_UNRES_SRC,      /* 54) Unresolved source */* ***Keep****
>>>
>>>       COL_RES_SRC_PORT,   /* 55) Resolved source port */* ***Keep****
>>>
>>>       COL_UNRES_SRC_PORT, /* 56) Unresolved source port */* ***Keep****
>>>
>>>       COL_TEI,            /* 57) Q.921 TEI */* *****Retire****
>>>
>>>       COL_CLS_TIME,       /* 58) Command line-specified time (default
>>>     relative) */* ***Keep****
>>>
>>>       NUM_COL_FMTS        /* 59) Should always be last */* ***Keep****
>>>
>>>      
>>>
>>>     Could some be retired? If so suggestions would be welcome J
>>>
>>>     Regards
>>>
>>>     Anders
>>>
>>>      
>>>
>>
___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <[email protected]>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>
mailto:[email protected]?subject=unsubscribe
> 
>
___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>
mailto:[email protected]?subject=unsubscribe
> 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe