Re: Highlight fields

[Jeff Morriss <jeff.morriss.ws () gmail com>]

Hmm, this might be easier than described below.  It turns out there's
already some similar functionality when doing a "Find packet" when
searching for a string or hex value.  See:

https://code.wireshark.org/review/#/c/14086/

as well as the bug that links to and the original change that added the
functionality in the Gtk interface.

(A first--and useful--step would be to highlight the tree item when
searching with a display filter.  Or maybe that's the whole solution?)

On Fri, Feb 12, 2016 at 10:34 AM, Jeff Morriss <jeff.morriss.ws () gmail com>
wrote:

> I think you can discover this via hfinfo->ref_type .
>
> On Fri, Feb 12, 2016 at 9:25 AM, Juan Jose Martin Carrascosa <
> juanjo () rti com> wrote:
>
> > That idea sounds awesome and enough for me.
> >
> > Can you tell me how to detect if a proto_item is passing a filter?
> >
> > Thanks,
> > Juanjo
> >
> > On Fri, Feb 12, 2016 at 3:22 PM, Jeff Morriss <jeff.morriss.ws () gmail com>
> > wrote:
> >
> > > I'm not sure this would require changes to the dissectors.
> > >
> > > I would /think/ that this could be done similar to how the Expert Info
> > > system highlights the (tree) path down to the item to which the expert info
> > > is attached.  That is, it could be done in the proto_tree_add*() calls by,
> > > for example:
> > >
> > >    1. Checking if the field being added was part of the display filter
> > >    2. If so then highlighting the path back to the root of the tree
> > >    (like the expert info calls do)
> > >
> > > I don't know, however, how you could visually distinguish expert info's
> > > from the "here is(are) your field(s)" highlights.
> > > On Wed, Feb 10, 2016 at 7:48 AM, Juan Jose Martin Carrascosa <
> > > juanjo () rti com> wrote:
> > >
> > > > Do you know which would be the approach? I am willing to implement it.
> > > > Any idea is very much appreciated!
> > > >
> > > > Thanks,
> > > > Juanjo
> > > >
> > > > On Wed, Feb 10, 2016 at 1:45 PM, Roland Knall <rknall () gmail com> wrote:
> > > >
> > > > > Hi
> > > > >
> > > > > No, currently there is no direct way to do this. And any new way would
> > > > > require a change to the dissectors handling the messages
> > > > >
> > > > > regards
> > > > >
> > > > > On Wed, Feb 10, 2016 at 11:44 AM, Juan Jose Martin Carrascosa <
> > > > > juanjo () rti com> wrote:
> > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > Let's say I have several submessages in a packet (RTPS). When I
> > > > > > filter, one of them matches so the whole RTPS (UDP datagram) matches and
> > > > > > thus, it is shown in the display. However, if the amount of submessages is
> > > > > > large (200?), it is quite tedious to find the matching submessage.
> > > > > >
> > > > > > Is there any way in Wireshark (GUI or changing source code) to solve
> > > > > > my issue? Highlighting the field that makes something match a filter or
> > > > > > something like that.
> > > > > >
> > > > > > Thanks!
> > > > > > Juanjo Martin
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe