Wireshark-bugs: [Wireshark-bugs] [Bug 1802] New: "E" display filter field problems
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1802
Summary: "E" display filter field problems
Product: Wireshark
Version: SVN
Platform: PC
URL: http://www.wireshark.org/lists/wireshark-
dev/200708/msg00442.html
OS/Version: All
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: christopher.maynard@xxxxxxxxx
Build Information:
SVN 22679
--
Three dissectors with PROTOABBREV starting with "E" having various display
filter field problems/inconsistencies:
1) packet-eap.c: PROTOABBREV=eap. Some fields were prefixed with "eaptls.",
rather than "eap." I changed them to "eap.tls." and will soon attach a patch
for it; however, I wasn't entirely sure if eap-tls is actually a separate
protocol or not. If so, then perhaps we should register a new dissector with
PROTOABBREV=eaptls and keep those fields as they are ... but separate them into
2 different hf[] arrays and register them under their respective protocols.
2)packet-edonkey.c: PROTOABBREV=edonkey. Some fields are prefixed with
"emule." instead of "edonkey.". One field is simply "overnet.peer", with no
appropriate prefix. So, I am a little confused if these are separate protocols
or just different applications using a the same protocol. I am inclined to
replace all "emule." prefixes with "edonkey." and to prepend "overnet.peer"
with "edonkey." as well, but figured I would verify with the core developers
before doing this. Or someone more knowledgeable than I with regards to these
protocols could take a look and submit the appropriate patch instead.
3) packet-dcerpc-eventlog.c: PROTOABBREV=eventlog. There are a lot of fields
with useless redundancies in the display filter name. For example,
"eventlog.eventlog_ReadEventLogW.offset". This should probably be simplified
to "eventlog.ReadEventLogW.offset"; however, I can't figure out how the display
fields are generated since this is an auto-generated file from the eventlog.cnf
and eventlog.idl files in the epan/dissectors/pidl/ directory. Someone with
more knowledge than I should probably look into this one too.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.