ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 4590] ANCP (Access Node Control Protocol) Dissector

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 29 Mar 2010 08:01:53 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4590

--- Comment #7 from Bill Meier <wmeier@xxxxxxxxxxx> 2010-03-29 08:01:51 PDT ---
(In reply to comment #4)



> 3) I have "vim expandtab", and I have space-only indentation, no tabs
>    if there are any specific Wireshark requirements for 
>    indentation (or GNU indent with specific options), I can use that.

If you look at the actual indentation used you'll see that there are a few
lines which have tabs as the indentation.

Also: the first line of the file is
/* vim: set ts=8 noexpandtab : */
I'm guessing that maybe this should be removed. (I'm not a vim user so I don't
know if this line actually has any effect).

Also:

proto_register...  and proto_reg_handoff... (and the value_string definitions)
are indented 8 spaces as opposed to the 4 space indentation of the rest.

Using 4,8,... spaces indentation everyplace will be fine.



> 5) hf[]: I did not want filtering-on/display-of all the header fields available
>    so, made some empty (""), is there is a different way to accomplish
>    this ?
> 

The way that could be done is to use proto_add_text instead of proto_add_item.
However, why don't you want to be able to filter on various of the fields ?
We'd much rather have all fields be filterable.



> 10) I have verified the statistics, which counter did you feel was incorrect?
> 
>     With the sample capture that I have attached, 
> 
>     with the display filter ancp.mtype == 10 in use, we see 25 TCP packets
>     with frame 7 having 2 ANCP packets (1 Syn and 1 SynACK) 
>     i.e, 26 Adjacency packets total  (1 SynAck not seen in Info column
>     because of 2 packets in same frame)
> 
>      Port Up - 4        (ancp.mtype == 80)
>      Port Down - 2       (ancp.mtype == 81)
>      Port Management - 4   (ancp.mtype == 32)
> 
>     (as shown in the stats)  
> 


OK: I'm not that familiar with 'stats'. I just tried creating the stats w/o any
filter. Should that work ?

Trying again I see that I get different results for the stats w/o any filter
depending upon whether I first create stats with a filter.

Also: The results for the 'no filter' case are different depending upon which
filter I use first (eg: 'ancp' vs 'ancp.mtype==10').

Also: I think the 'no filter' results are different depending upon whether I
just close/reopen the capture file or restart wireshark.

Seems fishy ....

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube