Wireshark-bugs: [Wireshark-bugs] [Bug 1802] New: "E" display filter field problems

Date: Mon, 27 Aug 2007 15:59:35 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1802

           Summary: "E" display filter field problems
           Product: Wireshark
           Version: SVN
          Platform: PC
               URL: http://www.wireshark.org/lists/wireshark-dev/200708/msg00442.html
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: christopher.maynard@xxxxxxxxx


Build Information:
SVN 22679
--
Three dissectors with PROTOABBREV starting with "E" having various display
filter field problems/inconsistencies:

1) packet-eap.c: PROTOABBREV=eap.  Some fields were prefixed with "eaptls.",
rather than "eap."  I changed them to "eap.tls." and will soon attach a patch
for it; however, I wasn't entirely sure if eap-tls is actually a separate
protocol or not.  If so, then perhaps we should register a new dissector with
PROTOABBREV=eaptls and keep those fields as they are ... but separate them into
2 different hf[] arrays and register them under their respective protocols.

2) packet-edonkey.c: PROTOABBREV=edonkey.  Some fields are prefixed with
"emule." instead of "edonkey.".  One field is simply "overnet.peer", with no
appropriate prefix.  So, I am a little confused if these are separate protocols
or just different applications using the same protocol.  I am inclined to
replace all "emule." prefixes with "edonkey." and to prepend "overnet.peer"
with "edonkey." as well, but figured I would verify with the core developers
before doing this.  Or someone more knowledgeable than I with regards to these
protocols could take a look and submit the appropriate patch instead.

3) packet-dcerpc-eventlog.c: PROTOABBREV=eventlog.  There are a lot of fields
with useless redundancies in the display filter name.  For example,
"eventlog.eventlog_ReadEventLogW.offset".  This should probably be simplified
to "eventlog.ReadEventLogW.offset"; however, I can't figure out how the display
fields are generated since this is an auto-generated file from the eventlog.cnf
and eventlog.idl files in the epan/dissectors/pidl/ directory.  Someone with
more knowledge than I should probably look into this one too.
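
A check for the two kinds of problem described in this report, as an added example that is not part of the original report or of Wireshark's own code: it scans hf[] entries for filter names that lack the "PROTOABBREV." prefix (cases 1 and 2) or that repeat the protocol name in a later component (case 3). The hf_ variable names, labels and the "eap.code" and "eaptls.fragment" entries are constructed sample input; only the prefixes and the eventlog field name come from the report.

```python
import re

# Start of an hf_register_info entry:  { &hf_var, { "Label", "filter.name", ...
HF_ENTRY = re.compile(r'\{\s*&\s*(\w+)\s*,\s*\{\s*"[^"]*"\s*,\s*"([^"]+)"')

def check_filter_names(source, protoabbrev):
    """Return (hf_var, filter_name, problem) for each suspicious field."""
    findings = []
    abbrev = protoabbrev.lower()
    for hf_var, name in HF_ENTRY.findall(source):
        if not name.startswith(protoabbrev + "."):
            # Cases 1 and 2: field registered under a different prefix.
            findings.append((hf_var, name, "wrong-prefix"))
            continue
        # Case 3: a later component repeats the protocol name,
        # e.g. eventlog.eventlog_ReadEventLogW.offset
        for part in name.lower().split(".")[1:]:
            if part == abbrev or part.startswith(abbrev + "_"):
                findings.append((hf_var, name, "redundant-component"))
                break
    return findings

# Constructed hf[] fragments, keyed by the PROTOABBREV of the dissector.
SAMPLES = {
    "eap": '''
      { &hf_eap_code, { "Code", "eap.code",
          FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
      { &hf_eaptls_fragment, { "Fragment", "eaptls.fragment",
          FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    ''',
    "edonkey": '''
      { &hf_overnet_peer, { "Overnet Peer", "overnet.peer",
          FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    ''',
    "eventlog": '''
      { &hf_eventlog_offset, { "Offset", "eventlog.eventlog_ReadEventLogW.offset",
          FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    ''',
}

def audit(samples):
    """Run the check over every dissector fragment; keep only those with findings."""
    results = {p: check_filter_names(src, p) for p, src in samples.items()}
    return {p: f for p, f in results.items() if f}

if __name__ == "__main__":
    for proto, findings in audit(SAMPLES).items():
        for hf_var, name, problem in findings:
            print(f"{proto}: {name} ({hf_var}): {problem}")
```

The check only reports; whether a flagged prefix should be renamed or given its own protocol registration is the open question the report raises.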

