
Wireshark-dev: [Wireshark-dev] Use of "." in abbrev field of ZigBee hf_register_info

From: Chris Brandson <chris.brandson@xxxxxxxxx>
Date: Thu, 22 Dec 2016 16:29:09 -0800
Hello, 

It appears to be impossible to use external tools such as pyshark to extract field information from many of the fields in a ZigBee packet because many of the abbrev fields of the hf_register_info entries for the ZigBee dissectors contain more than one “.”. It does not appear to affect anything inside Wireshark (though I’m not sure?), but it may impact some filtering and possibly other uses of capture information such as pyshark.

For example in packet-zbee-nwk.c, line 1832, hf_zbee_nwk_src64_origin uses an abbrev field of “zbee_nwk.src64.origin” (zbee_nwk is the PROTO_ABBREV used in the proto_register_protocol() ). I expect that the second “.” should really be “_” and thus “zbee_nwk.src64_origin”.

It affects many lines in many files, but it is a straightforward change that I would be willing to undertake. 

I do not know, but am concerned about the possibility of this change impacting existing users. However, if it is illegal (as evidenced by my experience with pyshark) they would not have been able to make use of it in the illegal form anyway.

So I am proposing that I make this change and asking for feedback specifically on how serious an issue the extra dots are (if at all) and how this might change existing users.

Regards,

+ Chris Brandson