Wireshark · Ethereal-dev: Re: [Ethereal-dev] Ethereal highighting

Ethereal-dev: Re: [Ethereal-dev] Ethereal highighting

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Fri, 2 Nov 2001 14:02:37 -0800 (PST)

(Please don't send HTML mail to the Ethereal mailing lists; not
everybody's mail read can handle HTML mail conveniently, and most mail
sent as HTML could be sent as text with little or no loss.)

> I'd be happy if I could change the color on a singe line when I detect an
> abnormal condition.  I understand that adding filtering may be a development
> issue, but is there a simple way to change the color on a single line?

On a single line in the protocol tree?

Check out the GTK+ 1.2[.x] API documentation:

	http://developer.gnome.org/doc/API/gtk/index.html

and, in particular, check out the documentation on the widget Ethereal
uses to display the protocol tree:

	http://developer.gnome.org/doc/API/gtk/gtkctree.html

and, in particular, the documentation for the calls to set the
foreground and background color on nodes:

	http://developer.gnome.org/doc/API/gtk/gtkctree.html#GTK-CTREE-NODE-SET-FOREGROUND

	http://developer.gnome.org/doc/API/gtk/gtkctree.html#GTK-CTREE-NODE-SET-BACKGROUND

It's not great documentation, as it gives only the calling sequence, but
you can probably infer from what documentation there is, from the
documentation for other routines, and from examples in the Ethereal code
how to use them.

Of course, the dissectors *themselves* make no GTK+ calls whatsoever,
which is as it should be; that way, they also work with Tethereal.

Therefore, you would also need to add a mechanism by which a dissector
can specify that a particular protocol tree item should be marked as
being abnormal (not as being a specific color; dissectors don't know
about colors, which is as it should be, and the color to use should be
up to the user, not the dissector, to choose in any case).

The data structure used internally to Ethereal for each node in the
protocol tree is a "field_info" structure, as defined in "epan/proto.h".
You might, for example, add a "gboolean" flag "error" or "abnormal" or
something such as that, or a "guint" flag holding an error severity, or
something such as that.  You'd also add a new call to "epan/proto.c",
such as

	void proto_item_set_error(proto_item *pi);

to set the error flag to TRUE for an item to the specified value (or, if
it's not, you'd pass the value to which it should be set).

Then you'd modify "proto_tree_draw_node()", in "gtk/proto_draw.c", to,
after the "gtk_ctree_insert_node()" call, check that flag and, if
appropriate, set the foreground and background color.

Follow-Ups:
- Re: [Ethereal-dev] Ethereal highighting
  - From: Richard Sharpe

References:
- Re: [Ethereal-dev] Ethereal highighting
  - From: Karl Freter

Prev by Date: Re: [Ethereal-dev] Ethereal highighting
Next by Date: Re: [Ethereal-dev] Ethereal highighting
Previous by thread: Re: [Ethereal-dev] Ethereal highighting
Next by thread: Re: [Ethereal-dev] Ethereal highighting
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$