Wireshark-dev: [Wireshark-dev] Coloring rules as expert info
From: Oliver-Tobias Ripka <otr@xxxxxxxxxx>
Date: Tue, 1 Mar 2011 23:22:34 +0100
Hello,

I have quite a nice list of coloring rules for Wireshark which help diagnose network problems. I find it useful to add a column frame.coloring_rule.string to display strange packets right away. Sorting by this column allows one to quickly find interesting packets in larger trace files, although this is somewhat hindered by the following bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5703

Now I wanted to make it easier to find packets that are colored by adding them to the expert infos using expert_add_info_format(...). I wrote a patch that unfortunately does not work. I would be grateful if somebody more familiar with the Wireshark code could give me a hint as to why calling expert_add_info_format like I do does not work.

Thanks,
Oliver Ripka
Index: color_filters.c =================================================================== --- color_filters.c (Revision 36113) +++ color_filters.c (Arbeitskopie) @@ -47,6 +47,12 @@ #include "ui_util.h" #include <epan/prefs.h> +#include <epan/expert.h> +#include <epan/epan_dissect.h> +#include <epan/proto.h> +#include <epan/epan.h> +#include <epan/packet_info.h> + #define RED_COMPONENT(x) (guint16) (((((x) >> 16) & 0xff) * 65535 / 255)) #define GREEN_COMPONENT(x) (guint16) (((((x) >> 8) & 0xff) * 65535 / 255)) #define BLUE_COMPONENT(x) (guint16) ( (((x) & 0xff) * 65535 / 255)) @@ -450,6 +456,8 @@ { GSList *curr; color_filter_t *colorf; + proto_item *pit = (proto_item *)(edt->tree->last_child); + packet_info *pi = (packet_info * )&(edt->pi); /* If we have color filters, "search" for the matching one. */ if (color_filters_used()) { @@ -464,7 +472,13 @@ #ifndef NEW_PACKET_LIST /* We'll do this in the column cell function instead. */ packet_list_set_colors(row, &(colorf->fg_color), &(colorf->bg_color)); + + #endif + /* Add color to the Expert Info */ + expert_add_info_format(pi, pit, PI_PROTOCOL, PI_ERROR, "%s", colorf->filter_name); + + return colorf; } curr = g_slist_next(curr);
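Review bot: in the second hunk (@@ -450,6 +456,8 @@), the new initializer `proto_item *pit = (proto_item *)(edt->tree->last_child);` dereferences edt->tree unconditionally, at declaration time and before the color_filters_used() check. Nothing in the visible lines guarantees that edt->tree is non-NULL or that it has a child, so the lookup should be guarded and moved into the branch where a filter has actually matched, with the expert call skipped when there is no item to attach to. The cast on `&(edt->pi)` hides the type instead of documenting it; drop it if the types already match.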
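Review bot: in the third hunk (@@ -464,7 +472,13 @@), expert_add_info_format() is called with PI_PROTOCOL and PI_ERROR hard-coded, so every packet that matches any coloring rule is reported as a protocol error regardless of what the rule stands for. Consider a lower or per-rule severity. The call also sits after the #endif, outside the `#ifndef NEW_PACKET_LIST` block that contains packet_list_set_colors(), so a comment stating that it is meant to run in both builds would help. The whitespace-only added lines around #endif and before `return colorf;` should be dropped.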