Yo Chris! I had the same problem and was just wondering why. It seems that "Expert Info" rescans a capture passing no valid tree pointer. "Expert Info Composite" does indeed pass a valid tree pointer!. So in my dissector the EIC makes much more sense. You said that the "old" EI will not be available in some future point of time? Regards, Frank ________________________________
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Maynard, Chris Gesendet: Freitag, 24. August 2007 22:33 An: Developer support list for Wireshark Betreff: RE: [Wireshark-dev] Expert Infos are a bit "more official" now! Ulf, First - Great stuff! I finally got around to adding this to a proprietary dissector to try it out. For example, in a small capture file of around 15000 packets, I wanted to pick out 5 particular packets of interest. This could have been accomplished by searching for these packets of course, or by applying a display filter, but nothing comes close to the convenience the expert info provides. Anyway, I plan to slowly add this to more and more dissectors as I have time. However, the only problem I came across was that in order for the expert info feature to work reliably, it seems that you have to do all of the detailed dissection work, regardless of whether or not the initial proto_tree passed to the dissector was NULL or not (i.e., To use the README.developer terminology, you can't assume "Operational dissection" only). Therefore, I simply changed the "if (tree) { ... }" to "if (1) { ... }" to test it and that worked. Anyway, that is probably obvious to you, but it wasn't to me, so you may want to indicate that in the documentation? Or kindly point out what I might be doing wrong so I can still make use of the expert info features without doing any unnecessary building of the protocol tree? Thanks again for documenting this feature and bringing it to everyone's attention! Chris ________________________________ From: [EMAIL PROTECTED] on behalf of Ulf Lamping Sent: Thu 8/16/2007 6:30 PM To: wireshark-dev@wireshark.org Subject: [Wireshark-dev] Expert Infos are a bit "more official" now! Hi List! I think the Expert Info feature that I've added a while ago should be used more widely :-) In the last days I've added the "Expert Info" feature to the User's Guide, so users have a chance to know how to use it. I've also changed the Wiki's ExpertInfo Developer page, it's more of a "How To add expert infos to a dissector" now - before it was a bit outdated proposal / collecting ideas page. As I'm using the EI for a quite a while now and I really find it invaluable to get a "quick overview" of that file. In the PROFINET dissectors for example, I've added "PI_UNDECODED" EI's at all places where the current dissection is incomplete or where stuff is marked "Reserved" in the specs. If I get a new capture file, I just open the EI composite to have a quick look if anything in the dissection is missing and needs to be implemented / checked. This is *much* faster than scanning the packets manually and already saved me a lot of time. If you're interested what the "Expert Infos" are and how to use them in the GUI, please read the User's Guide section http://www.wireshark.org/docs/wsug_html_chunked/ChAdvExpert.html. If you're interested how to add "Expert Infos" to your dissector code, please read the ExpertInfo Wiki page http://wiki.wireshark.org/Development/ExpertInfo. I can only suggest other developers to add more expert infos to their dissectors, this will probably be very helpful for both developers and users ... Regards, ULFL P.S: Any suggestions about the User Guide and Wiki page text or the EI feature itself is welcome ... _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
