Hi Anders,
just one idea, what about introducing some "fields nicknames" configuration file instead of creating hardcoded global_filters.[ch]:
--- fields_nicknames.txt ---
gtp.imsi xgtp.imsi
gtpv2.imsi xgtp.imsi
---
It would allow users to define also own nicknames.
Best regards,
Tomas
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Monday, August 18, 2014 15:46
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Defining global filters?
Hi,
How to define filters and display the data of fields that may occur in multiple protocols? One example is IMSI ( International Mobile Subscriber identity) that exists in multiple 3GPP and 3GPP2 protocols, following a call flow through the system it could be interesting to filter on
IMSI across multiple protocols to build a filter covering all messages in the call flow.
Suggestion:
Create global_filters.[ch] in epan/dissectors or (packet-global_filters?) define functions to parse the data there and/or export the hf
Variable to be used in the protocol dissectors.
>From GTPv2 current:
:
International Mobile Subscriber Identity (IMSI) : 262021030000050
IE Type: International Mobile Subscriber Identity (IMSI) (1)
IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050
:
New
International Mobile Subscriber Identity (IMSI) : 262021030000050
IE Type: International Mobile Subscriber Identity (IMSI) (1)
IE Length: 8
0000 .... = CR flag: 0
.... 0000 = Instance: 0
IMSI(International Mobile Subscriber Identity number): 262021030000050
[Global filter IMSI : 262021030000050]
Comments?
Regards
Anders
