Wireshark mailing list archives

Re: Plugin dissector - lookup expert_field_info

From: Guy Harris <gharris () sonic net>
Date: Sat, 23 Jan 2021 18:01:29 -0800

On Jan 23, 2021, at 1:06 PM, jayrturner99 () gmail com wrote:

I want to wrap expert_add_info calls so that I can check the expert_field* argument, see if the severity is PI_ERROR, 
and set a generated field in my protocol that says “this packet has errors”.


For what purpose?

There's already something in the protocol tree saying "this packet has errors", namely the added expert info.

A packet-matching expression that will match all packets that have a PI_ERROR expert info is

        _ws.expert.severity == "Error"

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Plugin dissector - lookup expert_field_info jayrturner99 (Jan 23)
- Re: Plugin dissector - lookup expert_field_info Guy Harris (Jan 23)
  - Re: Plugin dissector - lookup expert_field_info jayrturner99 (Jan 23)