I would like to write "prot.has.error" in the filter and find all of my packets
that have any condition that my dissector determines to be "an error".
Otherwise I have to type a filter like

    prot && (_ws.expert.severity == "Error" || _ws.expert.severity == "Warn")

To do that now, I have to write something like

    if ({condition})
    {
        expert_add_info(pinfo, pitem, efield);
        my_prot_context.has_error = TRUE;
    }

for each condition in my dissector code. Instead, I would like to write methods
such as

    ei_add_if_is_gint(pinfo, pitem, expected_gint, efield);

and have the methods do

    ei_add_if_is_gint(...)
    {
        if (expected_gint == (gint)proto_item_get_guint(pitem))
        {
            expert_field_info* eiinfo;
            expert_add_info(pinfo, pitem, efield);
            EXPERT_REGISTRAR_GET_NTH(efield->ei, eiinfo);
            if (PI_ERROR == eiinfo->severity || PI_WARN == eiinfo->severity)
                my_prot_context.has_error = TRUE;
        }
    }

Otherwise, my dissector code will be sprinkled with the above block of "if"s
instead of easily maintained ei_add_if_is_gint() and similar calls.
Thank you,
Jay Turner
-----Original Message-----
From: Wireshark-dev <[email protected]> On Behalf Of Guy Harris
Sent: Saturday, January 23, 2021 8:01 PM
To: Developer support list for Wireshark <[email protected]>
Subject: Re: [Wireshark-dev] Plugin dissector - lookup expert_field_info
On Jan 23, 2021, at 1:06 PM, [email protected] wrote:
> I want to wrap expert_add_info calls so that I can check the expert_field*
> argument, see if the severity is PI_ERROR, and set a generated field in my
> protocol that says “this packet has errors”.
For what purpose?
There's already something in the protocol tree saying "this packet has errors",
namely the added expert info.
A packet-matching expression that will match all packets that have a PI_ERROR
expert info is

    _ws.expert.severity == "Error"

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
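
One way a plugin can learn an expert item's severity without the core's internal registrar lookup, shown as an added example that is not part of the thread: the dissector's own registration table already pairs each expert_field with the severity it was registered under. The `demo_*` names and the simplified types are hypothetical stand-ins for those in epan/expert.h so the sketch compiles on its own, and the PI_* values are constructed for the sketch.

```c
#include <stdbool.h>
#include <stddef.h>

/* Stand-ins so this compiles alone; a real plugin gets the types and
 * PI_* constants from <epan/expert.h>. Values here are constructed. */
#define PI_NOTE  0x00400000
#define PI_WARN  0x00600000
#define PI_ERROR 0x00800000
typedef struct { int ei; int hf; } expert_field;
typedef struct { expert_field *ids; int severity; } demo_ei_entry; /* simplified ei_register_info */
typedef struct { bool has_error; int added; } demo_context;       /* hypothetical per-packet state */

static expert_field ei_bad_len, ei_odd_flag, ei_info;

/* The dissector's own table: the severity is already known here. */
static const demo_ei_entry demo_ei[] = {
    { &ei_bad_len,  PI_ERROR },
    { &ei_odd_flag, PI_WARN  },
    { &ei_info,     PI_NOTE  },
};

/* Look up the registered severity by pointer identity; 0 if unknown. */
static int demo_severity(const expert_field *ef)
{
    for (size_t i = 0; i < sizeof demo_ei / sizeof demo_ei[0]; i++)
        if (demo_ei[i].ids == ef)
            return demo_ei[i].severity;
    return 0;
}

/* Single wrapper: add the expert info, flag the packet on Warn/Error. */
static void demo_add_expert(demo_context *ctx, const expert_field *ef)
{
    int sev = demo_severity(ef);
    ctx->added++;  /* a real dissector calls expert_add_info(pinfo, item, ef) here */
    if (sev == PI_WARN || sev == PI_ERROR)
        ctx->has_error = true;
}

/* Feed a constructed list of findings through the wrapper. */
static bool demo_run(const expert_field *const *found, size_t n)
{
    demo_context ctx = { false, 0 };
    for (size_t i = 0; i < n; i++)
        demo_add_expert(&ctx, found[i]);
    return ctx.has_error;
}
```
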