I have tried your patch (on wireshark 1.1.3). Seems to work well. Explanations for other people :
On each field where an expert info has been declared, a subtree Expert Info is added with a field Severity with its value : Error, ... a field Group with its value : Checksum, Malformed, ... Then you can filter using : expert expert.severity == "Error" expert.severity >= "Warn" expert.group == "Malformed" ... Perhaps I want also a filter like this : <my_proto>.expert... But I think it is not evident it is a good choice or easy to do and it could be replaced by : <my_proto> && expert... Seems very good to me. When do you plan to deliver it ? Olivier Jakub Zawadzki a écrit : > Hi, > > On Wed, Feb 18, 2009 at 07:55:02PM +0100, wsgd wrote: > >> The possibility to make a Display filter on 'expert data' seems very >> good to me. >> It could permits to see all packets where there is an error (or ...). >> Seems an important feature to me. >> >> But, I think it does not exist. >> > > I do some work on it, in attachment initial version :) > > >> So, "gg.unknown" is the way to do. >> Same way to do into packet-tcp.c : "hf_tcp_checksum_bad" ... >> >> Note that you can filter using "gg.unknown" without any value (if you >> add your "unknown" field only "when something unknown happens"). >> > > I didn't know about that, thanks! > > ------------------------------------------------------------------------ > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe -- Wireshark Generic Dissector http://wsgd.free.fr ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
