[Simon Barber <simon.barber@xxxxxxxxxx>]

I'd love to be able to add these, for example instead of writing

wlan.fc.type_subtype == 0x19

write

wlan.beacon

Simon

On Wed, Nov 8, 2017 at 12:27 AM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:

Hi folks,

At SharkFest Europe someone asked me about the possibility of the
filter expressions in the SMB2 dissector being prefixed with smb2 or
smb3.

That is: smb2.flags.replay or smb3.flags.replay.

In addition, when I use dissector functions (through a dissector
table) from another protocol, I would like to be able to replace some
prefix of it's filter expressions.

For example, in packet-ieee1905.c I call dissect_wps_tlvs but I would
like to change the strings "wps.*" with "ieee1905.*".

I am thinking of adding an ability to specify a replacement string in
the handling of filter expressions.

Can anyone think of another way of doing this?

--
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe