Hi Roland,
I vote for not limiting the characters within a group name and not using
a separator. Instead use two separate fields. I outlined a potential
approach that maintains backwards compatibility and has a better user
experience for the editor:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16498#c6
Kind regards,
Peter
On Tue, Apr 21, 2020 at 12:25:26PM -0700, Ross Jacobs wrote:
> Hi Roland,
>
> Personally, I would avoid this usage here as I read `&&` as "find the
> packets where both of these display filters are valid".
>
> (If I'm reading you correctly) would it be possible to use `.` like
> `Proto.HTTP` to mimic the expectation in display filters that right is a
> component of left? I think // or any other unused operator is also
> preferable.
>
> Cheers,
> Ross
>
> On Tue, Apr 21, 2020 at 12:08 PM Roland Knall <rknall@xxxxxxxxx> wrote:
>
> > Hi
> >
> > We have a new feature in Wireshark, where you can sort display filters
> > into subfolders. See
> > https://twitter.com/bubbasnmp/status/1252627399201742848 for an example
> > use case.
> >
> > The current implementation requires the name of the folder to be part of
> > the filter name, so in the case of the picture it would read "Proto &&
> > HTTP" or "Proto && TCP", to create a folder "Proto" with the children
> > "HTTP" and "TCP".
> >
> > Now the question is, if && is the correct delimiter. What do you think?
> > Would // for instance make more sense?
> >
> > Please let me know
> >
> > cheers, Roland
