Wireshark mailing list archives

Re: how to display a packet in the packet_view?


From: Guy Harris <guy () alum mit edu>
Date: Tue, 25 Feb 2014 01:21:19 -0800


On Feb 24, 2014, at 7:10 PM, "??????????" <237825552 () qq com> wrote:

> Above is a snapshot of the packet view.
> I want to know where the value of each column is stored, such as Time and Source.
> Are they stored in edt->pi (epan_dissect->packet_info) or edt->pi->cinfo (column_info)?

Some are in edt->pi, some are in edt->pi.fd, and some are in edt->pi.cinfo.

No. is in edt->pi.fd->num.

Time is in either edt->pi.fd->abs_ts or edt->pi.fd->rel_ts, if the time stamp is absolute or relative, or is calculated 
from the current packet's absolute time stamp and the previous captured or displayed packet's time stamp, if the time 
stamp is a delta time stamp.

The Source column is in edt->pi.dl_src, edt->pi.net_src, or edt->pi.src, depending on whether it's the link-layer 
source address, network-layer source address, or whatever source address is the highest-layer source address.  The 
Destination column is similar, except that it's edt->pi.dl_dst, edt->pi.net_dst, or edt->pi.dst.

The Length column is in edt->pi.fd->pkt_len.

The Protocol and Info columns are in edt->pi.cinfo.

> If I want to add a column in the packet view, what should I do?

If the data for that column is in a named field in the protocol tree, use a custom column; you don't need to write any 
code for that.

Otherwise, you have to define a new COL_ value, change the libwireshark code and the UI code to support it, and change 
dissectors to set that column.
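The column-to-field mapping described in the reply above, as an added C example that is not part of the original message or of Wireshark's code. The struct types are simplified stand-ins that reuse the field names from the reply, the enum names are hypothetical, and the frames are constructed sample data.

```c
#include <stdio.h>

/* Stand-in types for this example only: simplified, not the libwireshark definitions. */
typedef struct { long secs; int nsecs; } ts_t;
typedef struct { unsigned num, pkt_len; ts_t abs_ts, rel_ts; } frame_t;
typedef struct { const char *dl_src, *net_src, *src; frame_t *fd; } pinfo_t;

enum time_kind { TIME_ABS, TIME_REL, TIME_DELTA };   /* hypothetical names */
enum src_kind  { SRC_DL, SRC_NET, SRC_HIGHEST };     /* hypothetical names */

/* cur - prev, borrowing one second when the nanosecond part goes negative. */
static ts_t ts_delta(ts_t cur, ts_t prev) {
    ts_t d = { cur.secs - prev.secs, cur.nsecs - prev.nsecs };
    if (d.nsecs < 0) { d.secs -= 1; d.nsecs += 1000000000; }
    return d;
}

/* Time column: read as stored for absolute/relative, computed for delta.
 * prev is the previous captured or displayed frame, chosen by the caller. */
static ts_t time_column(const pinfo_t *pi, enum time_kind k, const frame_t *prev) {
    ts_t zero = { 0, 0 };
    if (k == TIME_ABS) return pi->fd->abs_ts;
    if (k == TIME_REL) return pi->fd->rel_ts;
    return prev ? ts_delta(pi->fd->abs_ts, prev->abs_ts) : zero; /* assumption: 0 if no previous frame */
}

/* Source column: link-layer, network-layer, or highest-layer address. */
static const char *source_column(const pinfo_t *pi, enum src_kind k) {
    if (k == SRC_DL)  return pi->dl_src;
    if (k == SRC_NET) return pi->net_src;
    return pi->src;
}

int main(void) {
    /* Constructed sample frames, 0.3 s apart across a second boundary. */
    frame_t f1 = { 1, 60, { 1393319000, 900000000 }, { 0, 0 } };
    frame_t f2 = { 2, 74, { 1393319001, 200000000 }, { 0, 300000000 } };
    pinfo_t pi = { "00:11:22:33:44:55", "192.0.2.10", "192.0.2.10", &f2 };
    ts_t d = time_column(&pi, TIME_DELTA, &f1);
    printf("%u  %ld.%09d  %s  %u\n", f2.num, d.secs, d.nsecs,
           source_column(&pi, SRC_NET), f2.pkt_len);
    return 0;
}
```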