Hi, The possibility to make a Display filter on 'expert data' seems very good to me. It could permits to see all packets where there is an error (or ...). Seems an important feature to me.
But, I think it does not exist. So, "gg.unknown" is the way to do. Same way to do into packet-tcp.c : "hf_tcp_checksum_bad" ... Note that you can filter using "gg.unknown" without any value (if you add your "unknown" field only "when something unknown happens"). See also : http://wiki.wireshark.org/Development/ExpertInfo Olivier Jakub Zawadzki a écrit : > Hi, > > I'm developing new gadu-gadu dissector (see bug #3256), > I'm also developer of gadu-gadu protocol library - libgadu, > so it'll be nice if sniffer (i.e. wireshark) notify me about new stuff in > protocol > (for instance when magic field change, or when we receive packet longer > than suspected) > > expert_add_info_format(..., PI_UNDECODED, PI_WARN, "Foo happens!"); > /* by the way is PI_WARN good severity? */ > > works nice, however I'd like this packet to be hightlight in packet list > without expading tree, (yes, I know about Expert Info window) > > I thought about creating some field hf_gg_unknown (gg.unknown) set it > when something unknown happens. > and inside GUI add new coloring rule, when gg.unknown = 1, paint it with > red background. > > Is this acceptable method? Or am I'm inventing the wheel and I can > highlight packets (not only fields in tree) with 'expert data' with some > configuration option? > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe > > > -- Wireshark Generic Dissector http://wsgd.free.fr ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
