I think I'm close here. My original request was to highlight an entire
line. [Highlighting an individual item within a protocol tree is an
excellent idea, albeit one I can wait for.] Ideally :-), I would be
able to signal a common error flag or call a common routine if ANY field
in any of the protocol stacks had an error. Then I would see that line
backlit and I could open each protocol layer to see what was in error.
It sounds like this may or may not be doable (I haven't yet read the
links that Guy identified). A potential compromise might be something
like what's done for ICMP bad checksums. There is a hidden, filterable,
boolean item called "hf_icmp_checksum" that gets set (via a call to
proto_tree_add_item_hidden()) when a bad checksum is encountered. I
believe that a filter rule can then be added to identify records that
have this field set. I could add one of these for each item I wanted to
include in the error list. This means my filter line may have several
items (ip checksum, tcp checksum, ICMP checksum, etc.) but it will
identify all the records that have the errors I'm looking for.
Am I on the right track?
- Karl
P.S. I changed my browser to send in plain text. Sorry if the previous
emails caused any problems.
John McDermott wrote:
Karl Freter wrote:
I'd be happy if I could change the color on a singe line when I detect
an abnormal condition. I understand that adding filtering may be a
development issue, but is there a simple way to change the color on a
single line?
You can specify the color for any packets for which you can write a
filter so you could use foo.error==real_bad or whatever. All you need to
do is have a field that can be filtered on, then specify a color filter
(Display|Colorize Display) for it.
--john
