| Bug ID |
12522
|
| Summary |
Double escaping of backslash in Regex required
|
| Product |
Wireshark
|
| Version |
2.0.4
|
| Hardware |
x86
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Qt UI
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
Version 2.0.4 (v2.0.4-0-gdd7746e from master-2.0)
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz (with SSE4.2), with 16265MB of
physical memory.
Built using Microsoft Visual C++ 12.0 build 40629
--
Related question on SuperUser (for enhanced formatting):
http://superuser.com/questions/1089013/regular-_expression_-not-working-as-expected-for-special-characters
I have a Wireshark capture and I'm trying to create a display filter that finds
XML documents which contain the term "@@ V?" (at-at-space-V-questionmark). The
documentation says Perl Regex are used:
The matches operator makes it possible to search for text in string fields and
byte sequences using a regular _expression_, using Perl regular _expression_
syntax.
and the documentation defines a condition:
Note: Wireshark needs to be built with libpcre in order to be able to use the
matches operator.
I can't find out whether this condition applies, since it's not stated in the
above build information. But in general I can use the `matches` operator, so
I'd assume that part is fulfilled.
IMHO the filter
xml matches "@@ V\?"
should work, but it finds XML that does not fit the criterion, e.g. an XML like
<?xml version="1.0"?>
<dialog><sysdef name="TERMREC" value="@@ U1160613113912"/></dialog>
Using a filter without special characters (e.g. xml matches "@@ V0") works as
expected. Other filters with special characters (e.g. xml matches "@@ V1\*") do
not work as well.
Double escaping the backslash solves the issue.
Expected behavior, option 1 (my preferred option): a single backslash is
sufficient, since I'm not inside C++ code or something.
Expected behavior, option 2 (not preferred): a single backslash results in an
invalid Regex, indicated by a red background in the display filter box. When
using double backslashes, the display filter background becomes green.
You are receiving this mail because:
- You are watching all bug changes.
