Wireshark-dev: Re: [Wireshark-dev] Filter expressions for recursive structures

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Wed, 17 Aug 2022 06:31:36 -0700
On Sun, Jul 31, 2022 at 3:36 AM João Valverde <j@xxxxxx> wrote:
>
> Maybe we could add wildcards?
>
> diameter.*.Result-Code
>
> The star represents "any nesting level", not "any number of characters".
> I.e: it's not a text match, it matches levels on the protocol tree.
>
> It's not trivial at all to implement though. I think it would have to
> use a loop in DFVM code.

It looks like I am going to have to revisit this.

I did think of using wildcards; however, I now think it is going to
be easier to do something like:

1. In the code, indicate that the filter expression supplied by the HF
should have a string prepended. In the use case I am thinking of it
would be something like "sta_profile_<b>" without the angle brackets.
There will be well known points in the code where this should be done.
This makes it easy to understand how to derive the filter expressions.
2. Carry around with the field in the tree the prefix that applies.
3. Modify the DFVM code to use the prepended string.

> On 30/07/22 13:28, John Thacker wrote:
> > To pile on more, there's the same enhancement request for Diameter
> > (also generated) that's ten years old:
> >
> > https://gitlab.com/wireshark/wireshark/-/issues/6816
> >
> > On Sat, Jul 30, 2022, 3:12 AM Roland Knall <rknall@xxxxxxxxx> wrote:
> >
> >     Just to pile on, a very similar issue exists with OPC UA, more
> >     because the dissector is generated and the generator is not
> >     respecting naming schemes but they face the same issue.
> >
> >     Kind regards
> >     Roland
> >
> >     > On 29.07.2022 at 18:28, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
> >     >
> >     > Hi folks,
> >     >
> >     > The wonderful people working on 802.11 have started using
> >     > recursive structures.
> >     >
> >     > That is, they are embedding Info Elements (IEs) within Info Elements
> >     > and there can be multiple IEs of the same type within an IE within a
> >     > Beacon or Probe etc frame.
> >     >
> >     > Now some people are asking to be able to refer to a specific
> >     > embedded IE within an IE.
> >     >
> >     > That would seem to present problems because there is no way to
> >     > concatenate filter expressions.
> >     >
> >     > About the best I can think of is pass some context to IE dissectors
> >     > via the pinfo field and to insert that into field values via a
> >     > proto_item_append_text ...
> >     >
> >     > Are there any other thoughts about how to deal with this issue?
> >     >
> >     > --
> >     > Regards,
> >     > Richard Sharpe
> >     > (What can dispel sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine.)
> >     >
> >     ___________________________________________________________________________
> >     > Sent via:    Wireshark-dev mailing list
> >     <wireshark-dev@xxxxxxxxxxxxx>
> >     > Archives: https://www.wireshark.org/lists/wireshark-dev
> >     > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> >     >
> >      mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine.)
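
The wildcard semantics quoted in this message ("any nesting level", matching levels of the protocol tree rather than characters), modelled as an added example that is not part of the thread and is not Wireshark or DFVM code. The Node class, the function names, the sample tree and the choice that "*" may also stand for zero levels are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class Node:
    name: str                                   # one level of a toy protocol tree
    children: list = field(default_factory=list)

def match_levels(node, pattern, path=()):
    """Paths of nodes matched by pattern, a list of level names in which "*"
    stands for any number of nesting levels (assumed here to include zero)."""
    if not pattern:
        return []
    here = path + (node.name,)
    head, rest = pattern[0], pattern[1:]
    hits = []
    if head == "*":
        hits += match_levels(node, rest, path)       # "*" consumes no level
        for child in node.children:                  # "*" consumes this level
            hits += match_levels(child, pattern, here)
    elif head == node.name:
        if not rest:
            hits.append(here)
        for child in node.children:
            hits += match_levels(child, rest, here)
    return hits

def all_paths(node, path=()):
    """Every root-to-node path in the tree, depth first."""
    here = path + (node.name,)
    yield here
    for child in node.children:
        yield from all_paths(child, here)

def text_match(root, glob):
    """Contrast case: treat "*" as a character glob over the dotted path."""
    return [p for p in all_paths(root) if fnmatchcase(".".join(p), glob)]

# Constructed sample tree: the same leaf name at three nesting depths.
TREE = Node("diameter", [
    Node("Result-Code"),
    Node("Grouped-A", [Node("Result-Code")]),
    Node("Grouped-B", [Node("Inner", [Node("Result-Code")]), Node("Origin-Host")]),
])

if __name__ == "__main__":
    print(match_levels(TREE, "diameter.*.Result-Code".split(".")))  # 3 paths
    print(text_match(TREE, "diameter.*.Result-Code"))               # 2 paths
```

The character glob misses the top-level field because it requires at least one literal level between the two dots, while the level-based match walks the tree and finds the field at every depth.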