Wireshark-dev: Re: [Wireshark-dev] Filter expressions for recursive structures

From: João Valverde <j@xxxxxx>
Date: Sun, 31 Jul 2022 11:33:45 +0100
Maybe we could add wildcards?

    diameter.*.Result-Code

The star represents "any nesting level", not "any number of characters". I.e., it's not a text match; it matches levels on the protocol tree.

It's not trivial at all to implement though. I think it would have to use a loop in DFVM code.

On 30/07/22 13:28, John Thacker wrote:
To pile on more, there's the same enhancement request for Diameter (also generated) that's ten years old:

https://gitlab.com/wireshark/wireshark/-/issues/6816

On Sat, Jul 30, 2022, 3:12 AM Roland Knall <rknall@xxxxxxxxx> wrote:

    Just to pile on, a very similar issue exists with OPC UA, more
    because the dissector is generated and the generator is not
    respecting naming schemes but they face the same issue.

    Kind regards
    Roland

    > On 29.07.2022 at 18:28, Richard Sharpe
    > <realrichardsharpe@xxxxxxxxx> wrote:
    >
    > Hi folks,
    >
    > The wonderful people working on 802.11 have started using
    > recursive structures.
    >
    > That is, they are embedding Info Elements (IEs) within Info Elements
    > and there can be multiple IEs of the same type within an IE within a
    > Beacon or Probe etc frame.
    >
    > Now some people are asking to be able to refer to a specific embedded
    > IE within an IE.
    >
    > That would seem to present problems because there is no way to
    > concatenate filter expressions.
    >
    > About the best I can think of is pass some context to IE dissectors
    > via the pinfo field and to insert that into field values via a
    > proto_item_append_text ...
    >
    > Are there any other thoughts about how to deal with this issue?
    >
    > --
    > Regards,
    > Richard Sharpe
    > (What can dispel sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine)
    >
    ___________________________________________________________________________
    > Sent via:    Wireshark-dev mailing list
    <wireshark-dev@xxxxxxxxxxxxx>
    > Archives: https://www.wireshark.org/lists/wireshark-dev
    > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
    >           
     mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe