[Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>]

Hello,

W dniu 2018-07-02 22:33, Jeff Morriss napisał(a):
> It's an idea that's been tossed around since at least 2006[1].  Someone
> (Jakub?) had played around with it but eventually gave up; 
> unfortunately I
> can't find the reference to that.

It seems I did one in 2012, 
https://www.wireshark.org/lists/wireshark-dev/201208/msg00200.html

patchset: https://www.wireshark.org/~darkjames/multicols/
screenshot: https://www.wireshark.org/~darkjames/protocolstack.png

looking in 0004 patch, the idea was that every protocol, (or PDU) would
call pinfo->cinfo = add_new_column_set(pinfo, TRUE);

which would create new (sub)row in column list.

> [1] https://www.wireshark.org/lists/wireshark-dev/200606/msg00147.html
>
> I think the UI presentation is one thing but the next (and equally
> important IMO) thing is how the filtering will work.

I am no longer reviewing changes actively, but as far as I know we don't 
have filtering for columns? Do we?

Jakub.

> On Mon, Jul 2, 2018 at 4:05 PM, Roland Knall <rknall@xxxxxxxxx> wrote:
>
> > This is a feature, that has been discussed on/off for a longer time 
> > now. I
> > think, this mockup is by far the best I've seen so far. You have my 
> > vote
> > for implementing it, and I think it will be a big improvement.
> >
> > cheers
> > Roland
> >
> > Am Mo., 2. Juli 2018 um 21:19 Uhr schrieb Darien Spencer 
> > <cusneud@xxxxxxxx
> > >:
> >
> > > Hey devs
> > > There's something that has been bothering me in my wireshark 
> > > experience
> > > and I wanted to bring to discussion
> > > *Some protocols can aggregate several payloads *such as *SCTP and 
> > > TCP*
> > > Viewing those in wireshark could be difficult if many payloads are
> > > present.
> > > Specificly *the Info column gets long quickly *(assuming fences are 
> > > used)
> > >
> > > Here is an example - the info column of a SCTP packet with 6 
> > > payloads:
> > > https://i.imgur.com/GeA2WmU.png
> > >
> > > It can be challenging to spot a specific packets in those 
> > > overpopulated
> > > info columns
> > > further more, once you find the right packet by the info column you 
> > > are
> > > served with your next challenge -
> > > finding which of the aggregated packets in the protocol tree is the 
> > > one
> > > you are looking for.
> > >
> > > I was thinking about introducing a newer concept to wireshark in the 
> > > form
> > > of *"sub-packets"*
> > > Maybe that's a cosmetic feature to add to the Qt GUI and maybe it
> > > required some changes to the dissection engine. I'm not familiar 
> > > enought
> > > with the GUI to tell.
> > > What I had in mind is an option to 'expend' a packet in the main view 
> > > so
> > > its aggregated sub packets are seen in a tree under it
> > > Here's a mock hoping it's get the idea across:
> > > https://i.imgur.com/WfSvg6x.png
> > >
> > > I can imagine how this might require a change to the way info is 
> > > saved in
> > > the dissectors.
> > >
> > >
> > > Does anyone else feel this is an issue when analysing traffic?
> > > Is this a feature fitting the GUI/User experience guidelines of 
> > > wireshark?
> > >
> > > Cheers,
> > > Darien
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe