Le 10 août 2012 à 08:20, "Kumar, Chandan (Chandan)" <[email protected]> a écrit :
> Could you, please help me to make change in Wireshark so that I would be able > to select IE by means of filter like others element? > > I want to make IE’s as a filterable field instead of displaying frame [start > offset: length] > > I Did some change for this into epan/proto.c file in Wireshark – 1.6.2 > Line number---->6934 > > ptr += g_snprintf(ptr, (gulong) (buf_len-(ptr-*filter)), "frame[%d:%d] == ", > finfo->start, length); > > this line I have change like > ptr += g_snprintf(ptr, (gulong) (buf_len-(ptr-*filter)),"%s == ", > finfo->rep->representation); > > I am able to see the strings which want to make filterable using (Apply as > filter ---> Selected) but some wrong message windows came & stop the parsing > for new filter. > > What I have to do to display correctly. Please have a look at the answer I sent yesterday: "Hi Chandan, As indicated by Gilbert your screeshots were not forwarded to the list. Given the line number you modified, it looks like the field you want to filter is defined as FT_NONE. Hacking in proto.c is probably not what you want to do and instead you should change the protocol dissector code so as to use a more friendly filter format. If you can share with us more information on the protocol used and field you want to filter, we might be able to help you." As indicated in README.developer file: "FT_NONE: no field type. Used for fields that aren't given a value, and that can only be tested for presence or absence; a field that represents a data structure, with a subtree below it containing fields for the members of the structure, or that represents an array with a subtree below it containing fields for the members of the array, might be an FT_NONE field." So if I understood your request correctly you should probably change the dissector code to define the field to something other than FT_NONE. What field are you trying to filter? Regards, Pascal.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
