Sake Blok wrote: > On Mon, Mar 12, 2007 at 09:59:58PM +0100, Julian Fielding wrote: >> Jeff Morriss wrote: >>> Normally I'd see the use in not changing semantics for a field, but I >>> don't think the current semantics make any sense at all so I can't >>> imagine it is being used [therefor it's OK to change it]. >> It makes no sense in a display filter, but it is useful in a colour filter >> or in Edit > Find Packet > By Display filter. >> >> I often use a colour filter to highlight frames with frame.time_delta>x, >> where x is something small. Of course it's only meaningful if the >> displayed frames are all related in some logical way, but that often >> applies because I've used capture or display filters to get such a >> display. >> >> I don't mind a name change, but don't want to lose the present >> functionality.
That's an interesting use--hadn't thought of that. Glad I asked! :-) [...] > I did however start to look into the code to see how I could implement > the extra field. I realise that I need to start to understand how > wireshark actually handles frames. Some fields are filled by the > dissector and some fields are filled while looping through the > packets it seems. It will take me some time to understand how this > works and where the field must be generated. Any help on this is > more than welcome. Look for where "del_ts" is set in "file.c" (Wireshark) and "tshark.c" (tshark). You'll need a new timestamp in the frame data structure. Then in packet-frame.c you'll need to put this new timestamp in a new frame header field, similar to the current field. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
