I know how to add user defined columns from the Wireshark GUI, but I want to know if there is any way to do this through code. EDITED: I tried adding user defined field to column_info.h but no help. It is not getting reflected in the GUI. I added the corresponding entry in asked 22 Feb '12, 20:49  ashish_goel edited 23 Feb '12, 10:37  multipleinte... |
One Answer:
Columns are not added through the API, they are added through the preference file(s). answered 26 Feb '12, 03:39  SYN-bit ♦♦ thanx Sake Blok for the help :).. which preference file you are talking in this case? I searched through internet and got a hint about preference file but I couldn't find such file in the code. maybe the now the code and file names are updated. Can you plz guide me a little bit on where I should approach it?? (27 Feb '12, 06:53) ashish_goel I am talking about the preferences file in which all the users preferences are kept. It is generated by Wireshark and on linux resides in the users home-directory in the directory .wireshark. If you want to create a custom version of Wireshark that creates a different column layout by default, you can change it in the function "init_prefs" in the file "epan/prefs.c". Beware, changes made here will only be used by users that do not have a preferences file yet (i.e. only users that install Wireshark for the first time will be affected). (27 Feb '12, 07:13) SYN-bit ♦♦ I followed the procedure but how do i set data into this column through my dissector code. Because in dissector code it needs to know the COL_XXX constant for the column. To define this COL_XXX constant I even added entry for my custom column in column.c, column_info.h and column-utils.c but nothing worked. (27 Feb '12, 08:01) ashish_goel There are two ways to create column data: 1) Have your dissector create a field and use that field in a "custom column" like you would do in the GUI. This is the preferred way. You will need to add something like "%Cus:ip.ttl:0:R" to the init_prefs function. 2) You can manually construct a column. This is the old way and should be avoided. If you still want/need to use this method, see paragraph 1.5 in the file "doc/README.developer", which I'm sure you have already read ;-) (27 Feb '12, 08:17) SYN-bit ♦♦ sry but I didn't get your solution. Can you plz explain the point 1 clearly. specially the logic behind the string : "%Cus:ip.ttl:0:R" (28 Feb '12, 07:48) ashish_goel I was able to do it finally. I had to delete the local preferences file from hard disk for the changes to take effect. I am also able to relate why do we need to add "%Cus"(it specifies that we are using a custom column) and "ip.ttl"(this specifies the protocol and its field whose value we want to use in the column display) which you mentioned in the string. But the part "0:R" of the string is still not clear.. (28 Feb '12, 20:57) ashish_goel showing 5 of 6 show 1 more comments |
any suggestions???
guys plz help.. Is it something nobody has ever tried before??