This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Add ERROR COLOR to a dissector

0

Hi, i´am nearly ready with my own dissector. At least i want to colorize my the table-row from a mailformed frame.

How can i do this?

actual Error Routine:

    local Frame_OK = 1
if buffer:len() < 10 then 
      Frame_OK = 0 
      TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "ERROR - payload Length < 10 bytes!" )
    end
if Frame_OK == 1 then
      if not (buffer(0,1):uint() == 91)  
         or not (buffer(8,1):uint() == 124) 
         or not (buffer(buffer:len()-1,1):uint() == 93) then   
        Frame_OK = 0 
        TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "ERROR - identifyer mismatch! " )   
      end
    end  
    if Frame_OK == 1 then
      TreeNode = TreeNode_E1:add(buffer(), "Payload-Data integrity : " .. "OK" ) 
    end

thanks for your help... Pfanne

asked 09 Jun '11, 12:31

Pfanne's gravatar image

Pfanne
1334
accept rate: 0%

retagged 10 Jun '11, 18:18

helloworld's gravatar image

helloworld
3.1k42041


2 Answers:

2

You can use the expert system to mark the malformed part of the frame. See epan/expert.h. The severity of the expert message will determine it's color. In case of a malformed PDU, the proper group would be "PI_MALFORMED" with severity "Error".

See also: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvExpert.html

answered 09 Jun '11, 13:18

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

edited 09 Jun '11, 13:18

Oops, I just noticed that you use LUA, I'm not sure the LUA-API does include the expert info stuff too... Maybe someone else can answer that...

(09 Jun '11, 13:19) SYN-bit ♦♦

Hi, thank´s for your fast answers.

I have seen your links also bevor, my problem ist the lua-syntax. Can you give me a specific hint in my code?

(09 Jun '11, 13:25) Pfanne
1

You should be able to use the Lua "set_expert_flags" or "add_expert_info" methods on a Treeitem; see the Lua API entry for Treeitem.

(09 Jun '11, 13:35) Guy Harris ♦♦
TreeNode = TreeNode_E1:add_expert_info(PI_MALFORMED, PI_ERROR, "identifyer mismatch!")

that´s it, very usefull hint!, thank´s Guy Harris.

My UDP-Command-dissactor is ready!!!

Thank´s to all people who help me.

Greets from Hamburg Pfanne

(10 Jun '11, 10:01) Pfanne

1

You colorize packets by adding a color rule that matches something you put into the protocol tree for the error.

answered 09 Jun '11, 12:57

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

to Guy Harris

is there no way to integrate the color error into my lua-code?

(09 Jun '11, 13:27) Pfanne

There's no way for a dissector to directly do anything about color, as the environment in which dissectors run knows nothing about color (by design - there's no guarantee that the output of the dissector will be in an environment where things can be colored, and the user should be allowed to control colorization in any case).

(09 Jun '11, 13:32) Guy Harris ♦♦