Wireshark-bugs: [Wireshark-bugs] [Bug 3809] New: Sub-fields of data field should appear in expor

Date: Tue, 4 Aug 2009 13:23:31 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3809

           Summary: Sub-fields of data field should appear in exported PDML
                    as children of the data field instead of as siblings to
                    it
           Product: Wireshark
           Version: 1.2.1
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: tonedef@xxxxxxxxxxx


Build Information:
Version 1.2.1 (SVN Rev 29141)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap,  from the PortableApps U3 device in drive C:.

Built using Microsoft Visual C++ 9.0 build 30729
--
Sub-fields of data field should appear in the exported PDML as children of the
data field instead of as siblings to it.

In the Wireshark UI, subfields of the field named Data appear in the packet
details tree as children of the field named "data".  In the PDML exported by
TShark/Wireshark, however, the subfields are siblings to the field named
"data".  A snippet of sample PDML that illustrates the issue follows:

  <proto name="icmp" showname="Internet Control Message Protocol" size="40" pos="74">
    <field name="data" value="6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869"/>
      <field name="data.data" showname="Data: 6162636465666768696A6B6C6D6E6F707172737475767761..." size="32" pos="82" show="61:62:63:64:65:66:67:68:69:6a:6b:6c:6d:6e:6f:70:71:72:73:74:75:76:77:61:62:63:64:65:66:67:68:69" value="6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869"/>
      <field name="data.len" showname="Length: 32" size="0" pos="82" show="32"/>
  </proto>


In the preceding snippet of PDML, notice that the fields named "data.data" and
"data.len" are indented so as to appear as children of the field named "data",
yet the structure of the XML reveals that the two subfields are actually
siblings of the field named "data".  The tag for the field named "data" should
not have been closed and should have had a matching close tag instead so as to
enclose the two subfields as children (just as it is done with all of the other
fields in the PDML).

The exported PDML should look like the following instead:

  <proto name="icmp" showname="Internet Control Message Protocol" size="40" pos="74">
    <field name="data" value="6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869">
      <field name="data.data" showname="Data: 6162636465666768696A6B6C6D6E6F707172737475767761..." size="32" pos="82" show="61:62:63:64:65:66:67:68:69:6a:6b:6c:6d:6e:6f:70:71:72:73:74:75:76:77:61:62:63:64:65:66:67:68:69" value="6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869"/>
      <field name="data.len" showname="Length: 32" size="0" pos="82" show="32"/>
    </field>
  </proto>


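Added example (not part of the original report and not Wireshark code): a consumer-side check for tooling that ingests PDML from an affected TShark build. It finds a childless field followed by sibling fields named "<owner>.<something>" and moves them under the owner. The name-prefix rule, the function names and the shortened sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ICMP snippet from the report with shortened values.
FLAT_PDML = """\
<proto name="icmp" showname="Internet Control Message Protocol" size="40" pos="74">
  <field name="data" value="6162636465666768"/>
  <field name="data.data" showname="Data: 6162636465666768" size="8" pos="82"
         show="61:62:63:64:65:66:67:68" value="6162636465666768"/>
  <field name="data.len" showname="Length: 8" size="0" pos="82" show="8"/>
</proto>
"""


def flattened_children(parent):
    """Yield (owner, strays) for each childless <field> that is directly
    followed by sibling fields whose name starts with the owner's name + '.'.
    The prefix rule is a heuristic assumed here, not a PDML guarantee."""
    kids = list(parent)
    i = 0
    while i < len(kids):
        owner = kids[i]
        name = owner.get("name", "")
        strays = []
        if owner.tag == "field" and name and len(owner) == 0:
            j = i + 1
            while (j < len(kids) and kids[j].tag == "field"
                   and kids[j].get("name", "").startswith(name + ".")):
                strays.append(kids[j])
                j += 1
        if strays:
            yield owner, strays
        i += len(strays) + 1


def reparent(root):
    """Move stray sub-fields under their owner; return the names moved."""
    moved = []
    for parent in list(root.iter()):  # snapshot, since the tree is mutated
        for owner, strays in list(flattened_children(parent)):
            for stray in strays:
                parent.remove(stray)
                owner.append(stray)
                moved.append(stray.get("name"))
    return moved


if __name__ == "__main__":
    tree = ET.fromstring(FLAT_PDML)
    print("re-parented:", reparent(tree))
    print(ET.tostring(tree, encoding="unicode"))
```

Running reparent() a second time on the same tree moves nothing, so it is safe to apply to PDML from builds that already nest the sub-fields.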