This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I force packet coloring rules?

1
1

I'm working on the FAST protocol dissector for wireshark, and I want to make it so that packets containing errors are colored red for the users. I know how to do it by modifying my coloring rules filter, but is there a way to force this change on any user using my plugin (so that they don't have to manually alter the coloring rules)?

asked 05 Apr '11, 11:34

messybricks's gravatar image

messybricks
16123
accept rate: 0%


2 Answers:

3

Add expert items to the errors. That makes them show up in the expert dialog and color coded in the packet list / details.

answered 05 Apr '11, 23:00

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

0

I'm trying to implement this, and I'm making a simple function call like this:

  expert_add_info_format(pinfo, 
                    NULL,
                    PI_PROTOCOL,
                    PI_ERROR,
                    "ERROR 123");

However, the behavior is not what I would expect. The packet color does not change, and in the Expert Info column, all I see is: ?8388608?

Also, when I go to Analyze->Expert Info, wireshark dies, and I get this error in the terminal:

**
ERROR:expert_dlg.c:142:expert_dlg_packet: code should not be reached
Aborted

answered 06 Apr '11, 15:39

messybricks's gravatar image

messybricks
16123
accept rate: 0%