Add ERROR COLOR to a dissector


Hi, i´am nearly ready with my own dissector. At least i want to colorize my the table-row from a mailformed frame.

How can i do this?

actual Error Routine:

    local Frame_OK = 1
if buffer:len() < 10 then 
      Frame_OK = 0 
      TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "ERROR - payload Length < 10 bytes!" )
if Frame_OK == 1 then
      if not (buffer(0,1):uint() == 91)  
         or not (buffer(8,1):uint() == 124) 
         or not (buffer(buffer:len()-1,1):uint() == 93) then   
        Frame_OK = 0 
        TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "ERROR - identifyer mismatch! " )   
    if Frame_OK == 1 then
      TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "OK" ) 

thanks for your help... Pfanne

You can use the expert system to mark the malformed part of the frame. See epan/expert.h. The severity of the expert message will determine it's color. In case of a malformed PDU, the proper group would be "PI_MALFORMED" with severity "Error".

See also:

Oops, I just noticed that you use LUA, I'm not sure the LUA-API does include the expert info stuff too... Maybe someone else can answer that...

Hi, thank´s for your fast answers.

I have seen your links also bevor, my problem ist the lua-syntax. Can you give me a specific hint in my code?

You should be able to use the Lua "set_expert_flags" or "add_expert_info" methods on a Treeitem; see the Lua API entry for Treeitem.

TreeNode = TreeNode_E1:add_expert_info(PI_MALFORMED, PI_ERROR, "identifyer mismatch!")

that´s it, very usefull hint!, thank´s Guy Harris.

My UDP-Command-dissactor is ready!!!

Thank´s to all people who help me.

Greets from Hamburg Pfanne

You colorize packets by adding a color rule that matches something you put into the protocol tree for the error.

to Guy Harris

is there no way to integrate the color error into my lua-code?

There's no way for a dissector to directly do anything about color, as the environment in which dissectors run knows nothing about color (by design - there's no guarantee that the output of the dissector will be in an environment where things can be colored, and the user should be allowed to control colorization in any case).

