Wireshark mailing list archives

Re: Packet colorization


From: Guy Harris <guy () alum mit edu>
Date: Wed, 14 Apr 2010 15:30:57 -0700


On Apr 14, 2010, at 3:12 PM, Ari Yoskovitz wrote:

> I am writing a dissector for this protocol I am working with. I will just refer to it as "my protocol".
> I can't seem to find ways to control packet colorization programmatically, from within the dissector's code (in contrast to changing it manually from Wireshark's menus).

It's hard to find something that's not there. :-)

My inclination would not be to allow a dissector to set the color.  Either

        1) the dissector would do it forcibly, with no preference setting, so the user can't turn it off even if they don't want it;

or

        2) the dissector would do it with a preference controlling it, but I'm not sure what advantages that has for the user over just editing the coloring rules.

> Two issues came up:
> 1) I want to control my packets' color, and give a different color to packets, depending on its direction (for example, two kinds of blue).

Does your protocol have a filterable field that indicates the direction?  If not, I'd say that's a bug in your dissector, as it not only means you can't test that in a coloring rule, it also means you can't test it in a display filter (e.g., "show me only packets going in this direction".)

> 2) I noticed that generally in Wireshark, the last activated dissector sets the rules for the packet's color, text (source and destination addresses for example), etc.

I'm not sure that's supposed to be the case; the coloring should not be done until the packet is fully dissected, so that the coloring rules can test any filter.  The first matching rule specifies the color, so if you put the coloring rules for your protocol first in the list of coloring rules, they should control the coloring of all packets that match the filter in the rule, and if you put them after some rules, those rules should control the coloring of all packets that match them, and yours will control the coloring of all packets that don't match any of them but do match your rules.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
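
Added example (not part of the original message and not Wireshark code): a simplified Python model of the first-match rule ordering described in the reply above, reading rules in the colorfilters file format. The field name myproto.direction, the colour values and the sample packets are constructed assumptions, and the small matcher only stands in for Wireshark's display filter engine.

```python
import re

# Constructed rules in Wireshark's colorfilters file format:
#   @name@display filter@[bg r,g,b][fg r,g,b]   (16-bit components)
# "myproto.direction" is a hypothetical field registered by the dissector.
RULES_TEXT = """\
@MyProto to server@myproto.direction == 0@[49344,57568,65535][0,0,0]
@MyProto to client@myproto.direction == 1@[32896,45232,65535][0,0,0]
@UDP@udp@[56026,61166,65535][4718,10030,11796]
"""
RULE_RE = re.compile(r"^(!?)@([^@]+)@(.+)@\[([\d,]+)\]\[([\d,]+)\]$")


def parse_rules(text):
    """Parse colorfilters lines into rule dicts, keeping file order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # comments, blank lines, malformed entries
        disabled, name, flt, bg, fg = m.groups()
        rules.append({
            "disabled": disabled == "!",  # a leading "!" marks a disabled rule
            "name": name,
            "filter": flt,
            "bg": tuple(int(c) for c in bg.split(",")),
            "fg": tuple(int(c) for c in fg.split(",")),
        })
    return rules


def matches(filter_text, fields):
    """Stand-in for the filter engine: 'field' or 'field == N', joined by &&."""
    for term in filter_text.split("&&"):
        name, _, value = (part.strip() for part in term.partition("=="))
        if name not in fields:
            return False
        if value and fields[name] != int(value):
            return False
    return True


def colorize(rules, fields):
    """Return the first enabled rule matching the dissected packet, or None."""
    for rule in rules:
        if not rule["disabled"] and matches(rule["filter"], fields):
            return rule
    return None
```

Moving the UDP rule to the top of the list makes it win for every MyProto packet carried over UDP, which is the ordering effect the reply describes.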