| Bug ID |
10509
|
| Summary |
packet-filtering problem of specifying protocol name
|
| Product |
Wireshark
|
| Version |
1.12.1
|
| Hardware |
All
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Trivial
|
| Priority |
Low
|
| Component |
Common utilities (libwsutil)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
TShark 1.12.1 (Git Rev Unknown from unknown)
Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.40.0, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), with libnl 3, without SMI, without c-ares, without ADNS,
without Lua, without Python, with GnuTLS 3.3.8, with Gcrypt 1.6.2, with MIT
Kerberos, without GeoIP.
Running on Linux 3.16.2-1-ARCH, with locale C, with libpcap version 1.6.2, with
libz 1.2.8.
Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz
Built using gcc 4.9.1 20140903 (prerelease).
--
We found a bug in filtering packets.
When I set filter, for example, 'frame.number == 4607', tshark throws an error.
'Protocol ("4607") cannot appear on right-hand side of comparison.'
So We checked source code, and found a problem.
First, I checked wireshark-1.12.1/epan/dissectors/packet-stanag4607.c, and
found '4607' is defined as protocol name.
Soon after, found an problem in checking inputted string for packet-filtering.
>From source code, tshark checks if the inputted string is protocol name or not.
Because of it, many of packet-filtering functions have a problem.
For example, set packet filter 'http.user_agent == tcp', tshark throws an
error.
'Protocol ("tcp") cannot appear on right-hand side of comparison.' (if I set
'http.user_agent == "tcp"', no error was thrown.)
Wireshark has also same problem.
Please check just in case.
You are receiving this mail because:
- You are watching all bug changes.
