On Feb 24, 2014, at 7:10 PM, "??????????" <237825552@xxxxxx> wrote:
> up is a snapshot of packet view.
> I want know where does the value of each column stored,such as Time,Source?
> do they stored in the edt->pi(epan_dissect->packet_info) or edt->pi->cinfo(column_info)?
Some are in edt->pi, some are in edt->pi.fd, and some are in edt->pi.cinfo.
No. is in edt->pi.fd->num.
Time is in either edt->pi.fd->abs_ts or edt->pi.fd->rel_ts, if the time stamp is absolute or relative, or is calculated from the current packet's absolute time stamp and the previous captured or displayed packet's time stamp, if the time stamp is a delta time stamp.
The Source column is in edt->pi.dl_src, edt->pi.net_src, or edt->pi.src, depending on whether it's the link-layer source address, network-layer source address, or whatever source address is the highest-layer source address. The Destination column is similar, except that it's edt->pi.dl_dst, edt->pi.net_dst, or edt->pi.dst.
The Length column is in edt->pi.fd->pkt_len.
The Protocol and Info column are in edt->pi.cinfo.
> if i want to add a column in the packet view,what should i do?
If the data for that column is in a named field in the protocol tree, use a custom column; you don't need to write any code for that.
Otherwise, you have to define a new COL_ value, change the libwireshark code and the UI code to support it, and change dissectors to set that column.
