Wireshark-dev: Re: [Wireshark-dev] Expert Infos are a bit "more official" now!
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Fri, 24 Aug 2007 16:32:51 -0400
Ulf,

 

First - Great stuff!  I finally got around to adding this to a proprietary dissector to try it out.  For example, in a small capture file of around 15000 packets, I wanted to pick out 5 particular packets of interest.  This could have been accomplished by searching for these packets of course, or by applying a display filter, but nothing comes close to the convenience the expert info provides.  Anyway, I plan to slowly add this to more and more dissectors as I have time.

 

However, the only problem I came across was that in order for the expert info feature to work reliably, it seems that you have to do all of the detailed dissection work, regardless of whether or not the initial proto_tree passed to the dissector was NULL or not (i.e., To use the README.developer terminology, you can't assume "Operational dissection" only).  Therefore, I simply changed the "if (tree) { ... }" to "if (1) { .... }" to test it and that worked.

 

Anyway, that is probably obvious to you, but it wasn't to me, so you may want to indicate that in the documentation?  Or kindly point out what I might be doing wrong so I can still make use of the expert info features without doing any unnecessary building of the protocol tree?

 

Thanks again for documenting this feature and bringing it to everyone's attention!

 

Chris


________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Ulf Lamping
Sent: Thu 8/16/2007 6:30 PM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Expert Infos are a bit "more official" now!



Hi List!

I think the Expert Info feature that I've added a while ago should be
used more widely :-)


In the last days I've added the "Expert Info" feature to the User's
Guide, so users have a chance to know how to use it.

I've also changed the Wiki's ExpertInfo Developer page, it's more of a
"How To add expert infos to a dissector" now - before it was a bit
outdated  proposal / collecting ideas page.


As I'm using the EI for a quite a while now and I really find it
invaluable to get a "quick overview" of that file. In the PROFINET
dissectors for example, I've added "PI_UNDECODED" EI's at all places
where the current dissection is incomplete or where stuff is marked
"Reserved" in the specs. If I get a new capture file, I just open the EI
composite to have a quick look if anything in the dissection is missing
and needs to be implemented / checked. This is *much* faster than
scanning the packets manually and already saved me a lot of time.


If you're interested what the "Expert Infos" are and how to use them in
the GUI, please read the User's Guide section
http://www.wireshark.org/docs/wsug_html_chunked/ChAdvExpert.html.

If you're interested how to add "Expert Infos" to your dissector code,
please read the ExpertInfo Wiki page
http://wiki.wireshark.org/Development/ExpertInfo.


I can only suggest other developers to add more expert infos to their
dissectors, this will probably be very helpful for both developers and
users ...

Regards, ULFL



P.S: Any suggestions about the User Guide and Wiki page text or the EI
feature itself is welcome ...
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev





-----------------------------------------
This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.

<<winmail.dat>>