Hmm, this might be easier than described below. It turns out there's already some similar functionality when doing a "Find packet" when searching for a string or hex value. See:
https://code.wireshark.org/review/#/c/14086/
as well as the bug that links to and the original change that added the functionality in the Gtk interface.

(A first--and useful--step would be to highlight the tree item when searching with a display filter. Or maybe that's the whole solution?)

On Fri, Feb 12, 2016 at 10:34 AM, Jeff Morriss <[email protected]> wrote:

> I think you can discover this via hfinfo->ref_type.
>
> On Fri, Feb 12, 2016 at 9:25 AM, Juan Jose Martin Carrascosa <[email protected]> wrote:
>
>> That idea sounds awesome and enough for me.
>>
>> Can you tell me how to detect if a proto_item is passing a filter?
>>
>> Thanks,
>> Juanjo
>>
>> On Fri, Feb 12, 2016 at 3:22 PM, Jeff Morriss <[email protected]> wrote:
>>
>>> I'm not sure this would require changes to the dissectors.
>>>
>>> I would /think/ that this could be done similar to how the Expert Info
>>> system highlights the (tree) path down to the item to which the expert info
>>> is attached. That is, it could be done in the proto_tree_add*() calls by,
>>> for example:
>>>
>>> 1. Checking if the field being added was part of the display filter
>>> 2. If so then highlighting the path back to the root of the tree
>>>    (like the expert info calls do)
>>>
>>> I don't know, however, how you could visually distinguish expert info's
>>> from the "here is(are) your field(s)" highlights.
>>>
>>> On Wed, Feb 10, 2016 at 7:48 AM, Juan Jose Martin Carrascosa <[email protected]> wrote:
>>>
>>>> Do you know which would be the approach? I am willing to implement it.
>>>> Any idea is very much appreciated!
>>>>
>>>> Thanks,
>>>> Juanjo
>>>>
>>>> On Wed, Feb 10, 2016 at 1:45 PM, Roland Knall <[email protected]> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> No, currently there is no direct way to do this. And any new way would
>>>>> require a change to the dissectors handling the messages
>>>>>
>>>>> regards
>>>>>
>>>>> On Wed, Feb 10, 2016 at 11:44 AM, Juan Jose Martin Carrascosa <[email protected]> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Let's say I have several submessages in a packet (RTPS). When I
>>>>>> filter, one of them matches so the whole RTPS (UDP datagram) matches and
>>>>>> thus, it is shown in the display. However, if the amount of submessages is
>>>>>> large (200?), it is quite tedious to find the matching submessage.
>>>>>>
>>>>>> Is there any way in Wireshark (GUI or changing source code) to solve
>>>>>> my issue? Highlighting the field that makes something match a filter or
>>>>>> something like that.
>>>>>>
>>>>>> Thanks!
>>>>>> Juanjo Martin
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
