
Wireshark-bugs: [Wireshark-bugs] [Bug 2794] Questionable display filter fields

Date: Mon, 16 May 2011 09:50:03 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2794

--- Comment #19 from Michael Mann <mmann78@xxxxxxxxxxxx> 2011-05-16 09:49:55 PDT ---
I drastically improved the Perl script to better catch "questionable display
filters".  Through the evolution of the script I ended up with 6 categories:
1) DCE/RPC autogenerated source - this generated a lot of "field redundancies",
but with my small understanding of DCE/RPC they seem reasonable (function names
contain display filter as a prefix).  So for now, the script ignores them.
2) ASN.1 autogenerated source - again generated a lot of "field redundancies"
that may be able to be cleaned up (mostly 1 or 2 per file), but I'd put that at
a much lower priority.
3) No proto_register_protocol - Files that don't register a protocol through
proto_register_protocol(). Presumably these are "helper" source files for
existing protocols that have "proper display filters".
4) Use display filter name from proto_register_protocol() - This gets away from
the strict filename != PROTABBREV that the script originally tried to enforce. 
It also is more adaptive to source files with multiple protocols.
5) "Filename manipulation" - Similar to #4 in that the script is trying to be
accepting of filename != PROTABBREV, but the display filter name didn't match.
6) Remainder - hopefully the "real" questionable display filters.

Originally I started with ~19600 "questionable" display filters.  Here are the
new "filtered" stats:
1) DCE/RPC - 5866 filters (20 files)
2) ASN.1 - 411 filters (34 files)
3) no proto_register_protocol() - 3430 filters (21 files)
4) use proto_register_protocol() - 5422 (142 files)
5) "File manipulation" - 405 filters (6 files)
6) Remainder - 4052 filters (123 files)


The remaining "duplicates" seem like a good place to start (~230 filters).  A
new patch will replace the current existing ones that had ASN.1/DCERPC
autogenerated files mixed in.

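An added illustration of the kind of check the comment describes, covering categories 3, 4 and 6 only; it is not the Perl script attached to the bug and is written in Python. The sample dissector text, the name `check_filter_names`, and the reading of "field redundancy" as the protocol abbreviation repeated at the start of the field part are assumptions.

```python
import re

# proto_register_protocol("Long name", "Short name", "filter_abbrev")
PROTO_RE = re.compile(
    r'proto_register_protocol\s*\(\s*"[^"]*"\s*,\s*"[^"]*"\s*,\s*"([^"]+)"')
# hf_register_info entry: { &hf_var, { "Field name", "proto.field", FT_...
HF_RE = re.compile(
    r'\{\s*&\s*(\w+)\s*,\s*\{\s*"[^"]*"\s*,\s*"([^"]+)"\s*,\s*FT_')

# Constructed sample input, not taken from any real dissector.
SAMPLE = r'''
static hf_register_info hf[] = {
  { &hf_foo_type,  { "Type",   "foo.type",       FT_UINT8,  BASE_DEC, NULL, 0x0, NULL, HFILL }},
  { &hf_foo_len,   { "Length", "foo.foo_len",    FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
  { &hf_foo_flags, { "Flags",  "fooproto.flags", FT_UINT8,  BASE_HEX, NULL, 0x0, NULL, HFILL }},
};
proto_foo = proto_register_protocol("Foo Protocol", "FOO", "foo");
'''
# Constructed helper file: registers fields but no protocol (category 3).
HELPER = '{ &hf_bar_id, { "Id", "bar.id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},'

def check_filter_names(source):
    """Return (category, findings) for the text of one dissector source file."""
    protos = PROTO_RE.findall(source)
    if not protos:
        # No protocol abbreviation to compare against, so nothing is flagged.
        return "no_proto_register_protocol", []
    findings = []
    for hf_var, abbrev in HF_RE.findall(source):
        # Category 4: compare against the registered abbreviation(s), not the
        # file name, so files that register several protocols are handled.
        owner = next((p for p in protos if abbrev.startswith(p + ".")), None)
        if owner is None:
            findings.append((hf_var, abbrev, "prefix mismatch"))
            continue
        rest = abbrev[len(owner) + 1:]
        # Assumed meaning of "field redundancy": abbreviation repeated, foo.foo_x
        if re.match(re.escape(owner) + r"[._]", rest):
            findings.append((hf_var, abbrev, "redundant"))
    return "checked", findings

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE), ("helper", HELPER)):
        print(name, check_filter_names(text))
```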