On Feb 21, 2014, at 12:08 PM, Hadriel Kaplan <hadriel.kaplan@xxxxxxxxxx> wrote:
> Also, FT_IPv4 and FT_IPv6 are frequently in duplicate fields. Should they be/not-be? Display filter input/verification might have issues with it, but it seems logical to have generic "foo.src"/"foo.dst"/etc. fields of both types.
The one place where we're doing that with ".src" and ".dst" is in the PGM dissector; in, for example, a Source Path Message, there's a field specifying the Address Family Indicator (AFI) for the source address and another specifying the address, which could be IPv4, IPv6, or, in theory, a number of other types.
If we support, for example, "pgm.nak.src == 127.0.0.1" and "pgm.nak.src == ::1", with the former failing for an IPv6 pgm.nak.src and the latter failing for an IPv4 pgm.nak.src, that might work - if we do "pgm.nak.src == hostname", I'd be tempted to have that match either hostname's IPv4 or IPv6 addresses (and, if it has multiple IPv4 or IPv6 addresses, matching any of them, if we don't already do that).
