Wireshark-dev: Re: [Wireshark-dev] Display Filter Folders - a question to vote
From: Peter Wu <[email protected]>
Date: Wed, 22 Apr 2020 01:01:04 +0200
Hi Roland,

I vote for not limiting the characters within a group name and not using
a separator. Instead use two separate fields. I outlined a potential
approach that maintains backwards compatibility and has a better user
experience for the editor:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16498#c6

Kind regards,
Peter

On Tue, Apr 21, 2020 at 12:25:26PM -0700, Ross Jacobs wrote:
> Hi Roland,
> 
> Personally, I would avoid this usage here as I read `&&` as "find the
> packets where both of these display filters are valid".
> 
> (If I'm reading you correctly) would it be possible to use  `.` like
> `Proto.HTTP` to mimic the expectation in display filters that right is a
> component of left? I think // or any other unused operator is also
> preferable.
> 
> Cheers,
> Ross
> 
> On Tue, Apr 21, 2020 at 12:08 PM Roland Knall <[email protected]> wrote:
> 
> > Hi
> >
> > We have a new feature in Wireshark, where you can sort display filters
> > into subfolders. See
> > https://twitter.com/bubbasnmp/status/1252627399201742848 for an example
> > use case.
> >
> > The current implementation requires the name of the folder to be part of
> > the filter name, so in the case of the picture it would read "Proto &&
> > HTTP" or "Proto && TCP", to create a folder "Proto" with the children
> > "HTTP" and "TCP".
> >
> > Now the question is, if && is the correct delimiter. What do you think?
> > Would // for instance make more sense?
> >
> > Please let me know
> >
> > cheers, Roland