Hi, i´am nearly ready with my own dissector. At least i want to colorize my the table-row from a mailformed frame.

How can i do this?

actual Error Routine:

    local Frame_OK = 1
if buffer:len() < 10 then 
      Frame_OK = 0 
      TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "ERROR - payload Length < 10 bytes!" )
    end
if Frame_OK == 1 then
      if not (buffer(0,1):uint() == 91)  
         or not (buffer(8,1):uint() == 124) 
         or not (buffer(buffer:len()-1,1):uint() == 93) then   
        Frame_OK = 0 
        TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "ERROR - identifyer mismatch! " )   
      end
    end  
    if Frame_OK == 1 then
      TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "OK" ) 
    end

thanks for your help... Pfanne

asked 09 Jun '11, 12:31

Pfanne's gravatar image

Pfanne
1334
accept rate: 0%

retagged 10 Jun '11, 18:18

helloworld's gravatar image

helloworld
2.8k21940


You can use the expert system to mark the malformed part of the frame. See epan/expert.h. The severity of the expert message will determine it's color. In case of a malformed PDU, the proper group would be "PI_MALFORMED" with severity "Error".

See also: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvExpert.html

link

answered 09 Jun '11, 13:18

SYN-bit's gravatar image

SYN-bit ♦♦
15.0k848219
accept rate: 19%

edited 09 Jun '11, 13:18

Oops, I just noticed that you use LUA, I'm not sure the LUA-API does include the expert info stuff too... Maybe someone else can answer that...

(09 Jun '11, 13:19) SYN-bit ♦♦

Hi, thank´s for your fast answers.

I have seen your links also bevor, my problem ist the lua-syntax. Can you give me a specific hint in my code?

(09 Jun '11, 13:25) Pfanne
1

You should be able to use the Lua "set_expert_flags" or "add_expert_info" methods on a Treeitem; see the Lua API entry for Treeitem.

(09 Jun '11, 13:35) Guy Harris ♦♦
TreeNode = TreeNode_E1:add_expert_info(PI_MALFORMED, PI_ERROR, "identifyer mismatch!")

that´s it, very usefull hint!, thank´s Guy Harris.

My UDP-Command-dissactor is ready!!!

Thank´s to all people who help me.

Greets from Hamburg Pfanne

(10 Jun '11, 10:01) Pfanne

You colorize packets by adding a color rule that matches something you put into the protocol tree for the error.

link

answered 09 Jun '11, 12:57

Guy%20Harris's gravatar image

Guy Harris ♦♦
11.6k227146
accept rate: 18%

to Guy Harris

is there no way to integrate the color error into my lua-code?

(09 Jun '11, 13:27) Pfanne

There's no way for a dissector to directly do anything about color, as the environment in which dissectors run knows nothing about color (by design - there's no guarantee that the output of the dissector will be in an environment where things can be colored, and the user should be allowed to control colorization in any case).

(09 Jun '11, 13:32) Guy Harris ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×335
×193
×12
×8

Asked: 09 Jun '11, 12:31

Seen: 2,803 times

Last updated: 10 Jun '11, 18:22

powered by OSQA