Wireshark
the world's foremost network protocol analyzer
Wireshark-bugs: [Wireshark-bugs] [Bug 1503] SSLv2 record length and version shown wrong
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 3 Apr 2007 19:26:29 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1503 sake@xxxxxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #600 is|0 |1 obsolete| | ------- Comment #6 from sake@xxxxxxxxxx 2007-04-03 19:26 GMT ------- Created an attachment (id=604) --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=604&action=view) fix-bug1503-2.patch Hi Richard, You are right, wireshark SHOULD be able to filter on multiple hf's with the same field-name, BUT there is a little bug in the code. I have pinpointed it to the following in epan/dfilter/dfvm.c: case CHECK_EXISTS: hfinfo = arg1->value.hfinfo; while(hfinfo) { accum = proto_check_for_protocol_or_field(tree, arg1->value.hfinfo->id); if (accum) { break; } else { hfinfo = hfinfo->same_name_next; } } break; It actually loops through all the hf's with the same name, but only checks against the original (first) hf. So, I fixed this and reverted my patch to only include the other issues, leaving the multiple hf's with the same field-name intact. Could you review this updated patch? Cheers, Sake -- Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
- Prev by Date: [Wireshark-bugs] [Bug 1498] GSM_MAP dissector decodes MAPv2 MT-ForwardShortMessage incorrectly
- Next by Date: [Wireshark-bugs] [Bug 1503] SSLv2 record length and version shown wrong
- Previous by thread: [Wireshark-bugs] [Bug 1503] SSLv2 record length and version shown wrong
- Next by thread: [Wireshark-bugs] [Bug 1503] SSLv2 record length and version shown wrong
- Index(es):