List,
I would like to expand the expert_info_t struct in /epan/expert.h to include more data for filtering. I would also like to expand the number of parameters passed to expert_add_info_format() to include the label of the item to search. For example packet-tcp.c calls expert_add_info_format like this...
    expert_add_info_format(pinfo, flags_item, PI_SEQUENCE, PI_NOTE, "Retransmission (suspected)");
I would like to add a parameter to indicate the item to search or filter data on (tcp.analysis.retransmission). I would like to store this inside the expert_info_t struct for later use by my combined expert statistics feature so that the user can easily filter/colorize/find packets matching the expert condition (similar to functionality in SRT).
    /** only for internal and display use */
    typedef struct expert_info_s {
        guint32 packet_num;
        int group;
        int severity;
        gchar * protocol;
        gchar * summary;
        gchar * fvalue_label; /* add for filter support */
    } expert_info_t;
I would also like to modify the expert tap to trap for the value of the fvalue label. I assume that I could make a call to fvalue_() functions to retrieve the actual value, but we may be better off actually passing the value and storing that in the expert_info_t struct as well. Ideas? Comments?
Currently my combined expert statistics will search the Internet (Google) for the summary string and protocol. I would also like to add the ability to search and filter within Ethereal. But to do that I need some reference to build the filter syntax. If nobody believes this to be a good idea I can drop these features.
Thanks in advance,
Greg