
Wireshark-dev: Re: [Wireshark-dev] Change in wireshark[master]: Convert "dissector filter" regi

From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Mon, 26 Oct 2015 11:49:12 -0400
(Apologies if this is a resend, having some issues with mailing list)
 
I basically asked the same question about a year ago: https://www.wireshark.org/lists/wireshark-dev/201412/msg00009.html
 
At the time the Qt GUI wasn't far enough along for me to tell if they would/should develop into 2 separate features (even though I thought they should be merged).  Now that the Qt GUI is fully developed, I found myself looking for the EtherNet/IP and Profinet "conversation" filters and didn't see them.   When I originally added EtherNet/IP to the "conversation filters", it (dissector_filters.{c,h}) was more of a feature I "stumbled across" and the Profinet implementation seemed like a "one off". Generically written, but necessary because the display filter needed to track the conversation was complex enough to justify menu items.
 
In the GTK, the difference appears to be "colorize" (via context menu using color_dissector_filter.{c,h}) or "not colorize" (via main menu using dissector_filters.{c,h}). In Qt, you have the option to colorize (via context menu using color_dissector_filter.{c,h}) or not colorize (via main menu using color_dissector_filter.{c,h}). Since I want "not colorize" for EtherNet/IP and Profinet, I presume to just never use the context menu and register their "conversation filter" with color_dissector_filter API (which is what https://code.wireshark.org/review/11263 is trying to achieve).
 
Based on comments I could receive either here or in the review, I would probably amend the patch to remove the dissector_filter.{c,h} entirely.  That would probably mean converting the existing "not color"/dissector_filter.{c,h} menu items in GTK to use color_dissector_filter API instead.
 
 
-----Original Message-----
From: Guy Harris <guy@xxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Sun, Oct 25, 2015 12:47 pm
Subject: Re: [Wireshark-dev] Change in wireshark[master]: Convert "dissector filter" registrations to "dissector color...


> On Oct 25, 2015, at 7:33 AM, Michael Mann (Code Review) <code-review-do-not-reply@xxxxxxxxxxxxx> wrote:
> 
> Michael Mann has uploaded a new change for review.
> 
>  https://code.wireshark.org/review/11263
> 
> Change subject: Convert "dissector filter" registrations to "dissector color filter" registration so they are populated in the Qt GUI.

OK, we have epan/dissector_filter.{c,h}, which have "Routines for dissector generated display filters", and epan/color_dissector_filter.{c,h}, which have "Routines for dissector generated display filters".

The first of those add to a list named "dissector_filter_list", which is only used by the GTK+ code.

The second of those add to a list named "color_conv_filter_list", which is used both by the GTK+ code and the Qt code.

What are the purposes of those two different types of filter?

Is there a good reason why filters of the first type aren't shown in the Qt UI and filters of the second type are?