Ethereal-dev: [Ethereal-dev] Composite expert statistics

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Greg Morris" <gmorris@xxxxxxxxxx>
Date: Tue, 01 Nov 2005 17:01:43 +0100
The following updates add the composite expert statistics to the Analyze menu in Ethereal.
 
This feature takes the expert info (provided by the expert tap) and provides a composite view for each type of expert item.
 
For example, if there were 20 TCP SYN requests in a packet trace, the expert info option will list 10 different entries. The composite expert info option will list a single TCP SYN entry with a count of 10.
 
Each type of Expert data is contained within its own table. The data is displayed through notebook tabs for each type. So if users want to see Errors then they would click on the Errors tab.
 
Each table has a copy button to copy the table to the operating system's copy/paste buffer in CSV format.
 
Each item in each table has a number of selectable options. For example,
1. Apply as filter
2. Prepare as Filter
3. Find
4. Colorize
5. Find on Internet
 
Each selectable option has a number of sub-options. This is similar to the same tasks performed in other components of Ethereal. For example the Apply as filter has
1. Selected
2. Not Selected
3. And Selected
4. And Not Selected
5. Or Selected
6. Or Not Selected
 
The filtering is performed by a slight modification to the expert functions to store the expert item. I have modified the expert_t struct to include the passed expert item. The comp_expert_table.c will take the expert item, walk the fvalue struct and find the type and value for the expert item. The filter will be built from this data. (Ulf, I think this is what you had suggested.)
 
For items passed to the expert tap that do not include an expert item, there is no way to build a filter. Users will be prompted that a filter could not be constructed and to use find instead. With the find option the find dialog is presented to the user. The user can then select the string to locate from the expert string passed by the dissector. The user can also use other find options to define what type of string to search. For example, the TCP dissector reports to the expert tap "Acked lost segment (common at capture start)". Note that there is no expert item passed. The string "Acked lost segment" is present within the Ethereal summary line and within the decode window. But the "(common at capture start)" is not located anywhere. For this reason the user must edit the expert string that is written to the search dialog to successfully find the packet/packets in question.
 
Please review, make comments, and if desirable check-in...
 
Greg
 

Attachment: comp_expert_table.h
Description: Binary data

Attachment: comp_expert_dlg.c
Description: Binary data

Attachment: comp_expert_table.c
Description: Binary data

Attachment: gtk_makefile.common.diff
Description: Binary data

Attachment: expert.c.diff
Description: Binary data

Attachment: expert.h.diff
Description: Binary data
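
The composite view and the filter-or-Find fallback described in the message above, as an added C sketch that is not code from the attached files or from Ethereal. The struct layout, the severity numbering, the (severity, summary) grouping key and the `field == value` filter form are assumptions, and the sample reports are constructed.

```c
/* Added sketch: all names are hypothetical, not Ethereal's own code. */
#include <stdio.h>
#include <string.h>
typedef struct {            /* one report handed to the expert tap */
    int severity;           /* selects the tab (numbering assumed here) */
    const char *summary;    /* expert string from the dissector */
    const char *field;      /* filter field of the expert item, NULL if none */
    const char *value;      /* item value as text, NULL if none */
} report_t;
typedef struct { report_t first; unsigned count; } row_t;  /* composite row */

/* Fold reports into rows keyed by (severity, summary); returns rows used. */
size_t composite_build(const report_t *in, size_t n, row_t *rows, size_t max)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < used && (rows[j].first.severity != in[i].severity ||
                            strcmp(rows[j].first.summary, in[i].summary) != 0))
            j++;
        if (j == used) {
            if (used == max) continue;      /* table full: skip, never overflow */
            rows[used++] = (row_t){ in[i], 0 };
        }
        rows[j].count++;
    }
    return used;
}

/* Write "field == value" into buf; 0 means the caller must offer Find. */
int composite_filter(const row_t *r, char *buf, size_t len)
{
    if (!r->first.field || !r->first.value) return 0;  /* no expert item */
    int w = snprintf(buf, len, "%s == %s", r->first.field, r->first.value);
    return w > 0 && (size_t)w < len;        /* reject truncated filters */
}

int main(void)
{
    const report_t in[] = {                 /* constructed sample input */
        { 2, "TCP SYN", "tcp.flags.syn", "1" },
        { 2, "TCP SYN", "tcp.flags.syn", "1" },
        { 1, "Acked lost segment (common at capture start)", NULL, NULL },
    };
    row_t rows[8]; char f[64];
    size_t n = composite_build(in, 3, rows, 8);
    for (size_t i = 0; i < n; i++)
        printf("%u x %s -> %s\n", rows[i].count, rows[i].first.summary,
               composite_filter(&rows[i], f, sizeof f) ? f : "(use Find)");
}
```

The row without an expert item yields no filter, which is the case where the message says the user is sent to the find dialog instead.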