
Wireshark-bugs: [Wireshark-bugs] [Bug 552] Problems with display filters

Date: Tue, 20 Feb 2007 11:19:02 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=552





------- Comment #3 from jeff.morriss@xxxxxxxxxxx  2007-02-20 11:19 GMT -------
(In reply to comment #1)
> (In reply to comment #0)
> 
> > With the following display filters:
> > nt.acb.disabled == 1
> > nt.acb.pwnoexp == 0
> > nt.acb.autolock == 1
> > 
> > the gui indicates an error (line displayed in red) when we choose one of the 
> > nt.acb.* expression under DCERPC. Found with the menu Analyze -> Display 
> > filters -> Expression.
> 
> The problem here _may_ be that those hf fields are declared as FT_BOOLEAN but
> with a list of values:
> 
> ~~~
>                 { &hf_nt_acb_disabled,
>                   { "", "nt.acb.disabled", FT_BOOLEAN, 32,
>                     TFS(&tfs_nt_acb_disabled), 0x0001,
>                     "If this account is enabled or disabled", HFILL }},
> ~~~
> 
> Or maybe not, need access to a compiler to check...

Or not...  The problem actually is that the field does not have a name (see the
first empty string there).

Now the question is how to fix it:
- Make sure all fields have names (and abbreviations?), something like:

~~~
proto_register_field_init(header_field_info *hfinfo, int parent)
{
        /* The field must have names */
        DISSECTOR_ASSERT(hfinfo->name && hfinfo->name[0]);
        DISSECTOR_ASSERT(hfinfo->abbrev && hfinfo->abbrev[0]);
~~~

(The comment was there before, the only thing I added was a check that the
length is > 0)

- (or) change the filtering code to accept fields without names.

I suspect the former is the way to go.


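An added example, not part of the original message and not Wireshark code: a simplified model of registration-time validation that contrasts a NULL-pointer-only check with one that also requires length > 0, as proposed in the comment above. The `field_def` struct, the function names and the sample table are assumptions; only the `nt.acb.disabled` entry with its empty name comes from the message.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a field registration record
 * (hypothetical; not Wireshark's header_field_info). */
struct field_def {
    const char *name;    /* human-readable name shown in the GUI */
    const char *abbrev;  /* display-filter name, e.g. "nt.acb.disabled" */
};

/* Rejects only NULL pointers: an empty string "" still passes. */
static int has_names_null_only(const struct field_def *f)
{
    return f->name != NULL && f->abbrev != NULL;
}

/* Also requires length > 0 for both strings. */
static int has_names_nonempty(const struct field_def *f)
{
    return f->name != NULL && f->name[0] != '\0'
        && f->abbrev != NULL && f->abbrev[0] != '\0';
}

/* Return the index of the first record failing `check`, or -1 if all pass. */
static int first_rejected(const struct field_def *tbl, size_t n,
                          int (*check)(const struct field_def *))
{
    for (size_t i = 0; i < n; i++)
        if (!check(&tbl[i]))
            return (int)i;
    return -1;
}

/* Constructed sample table; entry 1 mirrors the empty name quoted above. */
static const struct field_def sample_fields[] = {
    { "Example field", "example.field" },   /* hypothetical entry */
    { "", "nt.acb.disabled" },              /* empty name, as in the bug */
    { NULL, "example.null_name" },          /* hypothetical entry */
};
#define SAMPLE_COUNT (sizeof sample_fields / sizeof sample_fields[0])

int main(void)
{
    printf("NULL-only check rejects index %d\n",
           first_rejected(sample_fields, SAMPLE_COUNT, has_names_null_only));
    printf("non-empty check rejects index %d\n",
           first_rejected(sample_fields, SAMPLE_COUNT, has_names_nonempty));
    return 0;
}
```

With the NULL-only check the empty-name entry is accepted and only the NULL entry is caught; the length check stops at the empty-name entry first, at registration time rather than when the filter is later used.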