Wireshark · Ethereal-dev: [Ethereal-dev] RFC: Possible change in FT

Ethereal-dev: [Ethereal-dev] RFC: Possible change in FT_BYTES dfilter syntax

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxxxxxxx>

Date: Thu, 10 Jul 2003 04:59:11 -0000

Right now there are three ways to express multi-byte byte-strings in
Ethereal's display-filter syntax.... using periods, colons, or hyphens:

ff.ff.ff.ff.ff.ff
ff-ff-ff-ff-ff-ff
ff:ff:ff:ff:ff:ff

I'm working on some changes to the dfilter code, and would like to have
the scanner create some of the basic types. But floating point 0.7 looks
like a byte-string equivalent to 00:07. In order to disambiguate some
floating point numbers from two-byte byte-strings, I'd like to remove
the option of using a period between bytes in a byte-string.

Sigh. If I had been smart, I would have allowed only one syntax for byte
strings. Not 3. Not 2.

I'd like to get a feel for how badly this change would affect people. If
breaking this would cause too much hardship, I won't do it. I can work
around the 3 syntaxes for byte strings. I'm contemplating this change
because it makes it easier and cleaner to implement a "contains" test.
I.e., I have the following dfilter syntax working:

http contains "jpg"
frame contains 00:07

The "contains" test works on protocols, strings, and byte-strings (and
derivatives).

--gilbert

Follow-Ups:
- Re: [Ethereal-dev] RFC: Possible change in FT_BYTES dfilter syntax
  - From: Guy Harris
- Re: [Ethereal-dev] RFC: Possible change in FT_BYTES dfilter syntax
  - From: Ed Warnicke

Prev by Date: Re: [Ethereal-dev] SMB
Next by Date: Re: [Ethereal-dev] RFC: Possible change in FT_BYTES dfilter syntax
Previous by thread: Re: [Ethereal-dev] SMB
Next by thread: Re: [Ethereal-dev] RFC: Possible change in FT_BYTES dfilter syntax
Index(es):
- Date
- Thread