Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show answers a line at a time, after the request frame and time delta.
> -Original Message- > From: Wireshark-commits [mailto:wireshark-commits-boun...@wireshark.org] > On Behalf Of Wireshark code review > Sent: Sunday, December 22, 2019 1:01 AM > To: wireshark-comm...@wireshark.org > Subject: [Wireshark-commits] master 8d65ccf: Show answers a line at a time, > after the request frame and time delta. > > URL: > https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8d65cc > fee4cb1da05a7e4bae1150ca7f56ce4fb4 > Submitter: "Guy Harris " > Changed: branch: master > Repository: wireshark > > Commits: > > 8d65ccf by Guy Harris (g...@alum.mit.edu): > > Show answers a line at a time, after the request frame and time delta. > > Long responses are *really* hard to read if you make them one single > string item. Show it a line at a time, as we do with many other > text-oriented protocols. > > Change-Id: Ie2e81dabeba728ed34772d7015c52b0b047904e8 > Reviewed-on: https://code.wireshark.org/review/35544 > Petri-Dish: Guy Harris > Tested-by: Petri Dish Buildbot > Reviewed-by: Guy Harris > > > Actions performed: > > from 0442f7a UI: Fix compilation with Qt 5.14 > add 8d65ccf Show answers a line at a time, after the request frame and > time delta. > > > Summary of changes: > epan/dissectors/packet-whois.c | 23 ++- > 1 file changed, 22 insertions(+), 1 deletion(-) With this change, it's no longer possible to right-click on the answer, choose "Copy -> Value" and easily obtain the *entire* answer. Now, you would have to copy each line one at a time to retrieve it. - Chris CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited. ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show answers a line at a time, after the request frame and time delta.
On Dec 25, 2019, at 9:21 AM, Maynard, Chris via Wireshark-dev wrote: > With this change, it's no longer possible to right-click on the answer, > choose "Copy -> Value" and easily obtain the *entire* answer. Now, you would > have to copy each line one at a time to retrieve it. That's not unique to this protocol; there are other text-based protocols that show the text a line at a time, so that it's possible to easily *read* the dissection. So perhaps we 1) should add support for selecting multiple lines in the packet details pane and copying them (I think there's already an enhancement request for that) and 2) make sure that copying that as a value produces the desired result. ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show answers a line at a time, after the request frame and time delta.
> -Original Message- > From: Guy Harris [mailto:g...@alum.mit.edu] > Sent: Wednesday, December 25, 2019 1:23 PM > To: Developer support list for Wireshark > Cc: Maynard, Chris > Subject: Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show > answers a line at a time, after the request frame and time delta. > > On Dec 25, 2019, at 9:21 AM, Maynard, Chris via Wireshark-dev d...@wireshark.org> wrote: > > > With this change, it's no longer possible to right-click on the answer, > > choose > "Copy -> Value" and easily obtain the *entire* answer. Now, you would have to > copy each line one at a time to retrieve it. > > That's not unique to this protocol; there are other text-based protocols that > show the text a line at a time, so that it's possible to easily *read* the > dissection. > > So perhaps we 1) should add support for selecting multiple lines in the packet > details pane and copying them (I think there's already an enhancement request > for that) and 2) make sure that copying that as a value produces the desired > result. Or revert this change so whois.answer reflects the entire answer again, but add each line underneath the answer using a different filter, such as "whois.answer.line"? I would prefer this solution as the answer is the entire answer and each line is only part of the answer. For example: V WHOIS: Answer V Answer [truncated]: % IANA WHOIS server\n% for more information on IANA, visit http://www.iana.org\n% This query returned 1 object\n\n domain: EXAMPLE.COM\n\norganisation: Internet Assigned Numbers Authority\n\n created: 1992-01- Line 1: % IANA WHOIS server\n Line 2: % for more information on IANA, visit http://www.iana.org\n Line 3: % This query returned 1 object\n Line 4: \n Line 5: domain: EXAMPLE.COM\n Line 6: \n Line 7: organisation: Internet Assigned Numbers Authority\n Line 8: \n Line 9: created: 1992-01-01\n Line 10: source: IANA\n Line 11: \n Here I've enumerated each line in the field description, but I hope it's clear that the same field would be used for all lines. - Chris CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited. ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show answers a line at a time, after the request frame and time delta.
On Dec 25, 2019, at 10:44 AM, Maynard, Chris
wrote:
> Or revert this change so whois.answer reflects the entire answer again, but
> add each line underneath the answer using a different filter, such as
> "whois.answer.line"?
We could, but I think going back to the way it was before would be a bad idea.
> I would prefer this solution as the answer is the entire answer and each line
> is only part of the answer.
The argument could be made for other text protocols. The problem is that "the
entire answer" is hard to read.
> For example:
> V WHOIS: Answer
> V Answer [truncated]: % IANA WHOIS server\n% for more information
> on IANA, visit http://www.iana.org\n% This query returned 1 object\n\n
> domain: EXAMPLE.COM\n\norganisation: Internet Assigned Numbers
> Authority\n\n created: 1992-01-
Note the word "truncated" here. That's not a good thing.
>Line 1: % IANA WHOIS server\n
>Line 2: % for more information on IANA, visit
> http://www.iana.org\n
>Line 3: % This query returned 1 object\n
>Line 4: \n
>Line 5: domain: EXAMPLE.COM\n
>Line 6: \n
>Line 7: organisation: Internet Assigned Numbers Authority\n
>Line 8: \n
>Line 9: created: 1992-01-01\n
>Line 10: source: IANA\n
>Line 11: \n
Something that displays it in *that* fashion, with each line shown underneath
an item for the entire {WHOIS answer, SMTP mail message, HTTP/SIP/etc. header,
HTTP text payload, etc.}, might be the right way to handle text protocols.
And, given that, is there any need to show the full text in the top-level item?
___
Sent via:Wireshark-dev mailing list
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] PIM: Support for dissection of PIM Flooding Mechanisme (PFM)
Hi, I have as part of a study of the RFC8364, written a dissection of the PFM message from https://tools.ietf.org/html/rfc8364 as part of the Protocol Independed Multicast (PIM) dissection. Not sure if this is of interest to include into the source base or not? Regards, Anders Reggestad ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] PIM: Support for dissection of PIM Flooding Mechanisme (PFM)
On Wed, Dec 25, 2019 at 12:52 PM Anders Reggestad wrote: > > Hi, > > I have as part of a study of the RFC8364, written a dissection of the PFM > message from https://tools.ietf.org/html/rfc8364 as part of the Protocol > Independed Multicast (PIM) dissection. Not sure if this is of interest to > include into the source base or not? If someone would find it useful then you should submit it. https://code.wireshark.org/review -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者) ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] PIM: Support for dissection of PIM Flooding Mechanisme (PFM)
On Dec 25, 2019, at 1:11 PM, Richard Sharpe wrote: > If someone would find it useful then you should submit it. And if it adds support for a protocol feature that's not currently supported, somebody will probably find it useful. > https://code.wireshark.org/review And: https://wiki.wireshark.org/CreatingPatches https://wiki.wireshark.org/Development/SubmittingPatches and perhaps other items on https://wiki.wireshark.org/Development ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show answers a line at a time, after the request frame and time delta.
> -Original Message-
> From: Guy Harris [mailto:g...@alum.mit.edu]
> Sent: Wednesday, December 25, 2019 3:19 PM
> To: Maynard, Chris
> Cc: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show
> answers a line at a time, after the request frame and time delta.
>
> On Dec 25, 2019, at 10:44 AM, Maynard, Chris
> wrote:
>
> > Or revert this change so whois.answer reflects the entire answer again, but
> add each line underneath the answer using a different filter, such as
> "whois.answer.line"?
>
> We could, but I think going back to the way it was before would be a bad idea.
>
> > I would prefer this solution as the answer is the entire answer and each
> > line is
> only part of the answer.
>
> The argument could be made for other text protocols. The problem is that "the
> entire answer" is hard to read.
>
> > For example:
> > V WHOIS: Answer
> > V Answer [truncated]: % IANA WHOIS server\n% for more information
> on IANA, visit http://www.iana.org\n% This query returned 1 object\n\n
> domain: EXAMPLE.COM\n\norganisation: Internet Assigned Numbers
> Authority\n\n created: 1992-01-
>
> Note the word "truncated" here. That's not a good thing.
>
> >Line 1: % IANA WHOIS server\n
> >Line 2: % for more information on IANA, visit
> http://www.iana.org\n
> >Line 3: % This query returned 1 object\n
> >Line 4: \n
> >Line 5: domain: EXAMPLE.COM\n
> >Line 6: \n
> >Line 7: organisation: Internet Assigned Numbers
> > Authority\n
> >Line 8: \n
> >Line 9: created: 1992-01-01\n
> >Line 10: source: IANA\n
> >Line 11: \n
>
> Something that displays it in *that* fashion, with each line shown underneath
> an item for the entire {WHOIS answer, SMTP mail message, HTTP/SIP/etc.
> header, HTTP text payload, etc.}, might be the right way to handle text
> protocols.
>
> And, given that, is there any need to show the full text in the top-level
> item?
Well, showing the full text allows for full "Copy -> Value" to continue to
work, and including the full text in a single "whos.answer" should, in theory
at least, allow for pattern matching with the matches operator across lines,
which the current implementation no longer allows. I write, "in theory",
because I can't seem to successfully get this to actually work using master,
3.2.0 or 3.0.7. For example, I'd expect whois.answer ~ "Domain.*TERMS OF USE"
to match frame 11 of the whois.pcap capture file attached to Bug 16291
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16291), but this doesn't
work. In fact, a lot of regex's seem to fail. Maybe I'm doing something wrong
or maybe something is broken? I'll have to try to investigate this further
another day - the kids want their new toys assembled. :)
- Chris
CONFIDENTIALITY NOTICE: This message is the property of International Game
Technology PLC and/or its subsidiaries and may contain proprietary,
confidential or trade secret information. This message is intended solely for
the use of the addressee. If you are not the intended recipient and have
received this message in error, please delete this message from your system.
Any unauthorized reading, distribution, copying, or other use of this message
or its attachments is strictly prohibited.
___
Sent via:Wireshark-dev mailing list
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show answers a line at a time, after the request frame and time delta.
On Dec 25, 2019, at 1:35 PM, Maynard, Chris wrote:
> On Dec 25, 2019, at 3:19 PM, Guy Harris wrote:
>
>> And, given that, is there any need to show the full text in the top-level
>> item?
>
> Well, showing the full text allows for full "Copy -> Value" to continue to
> work, and including the full text in a single "whos.answer" should, in theory
> at least, allow for pattern matching with the matches operator across lines,
> which the current implementation no longer allows.
What's displayed to in the packet details pane and what's the value of the
field from the point of view of Copy > Value and of operators testing the field
value aren't necessarily the same. (From the internal point of view, a
field_info structure:
typedef struct field_info {
header_field_info *hfinfo; /**< pointer to registered
field information */
gint start; /**< current start of data in
field_info.ds_tvb */
gint length; /**< current data length of
item in field_info.ds_tvb */
gint appendix_start; /**< start of appendix data */
gint appendix_length; /**< length of appendix data
*/
gint tree_type; /**< one of ETT_ or -1 */
guint32 flags; /**< bitfield like
FI_GENERATED, ... */
item_label_t*rep; /**< string for GUI tree */
tvbuff_t*ds_tvb; /**< data source tvbuff */
fvalue_t value;
} field_info;
has a "rep" field, showing the "string for GUI tree" (or for the output of
tshark -V, or...), and a "value" field, storing the field value.
___
Sent via:Wireshark-dev mailing list
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show answers a line at a time, after the request frame and time delta.
> -Original Message-
> From: Guy Harris [mailto:g...@alum.mit.edu]
> Sent: Wednesday, December 25, 2019 4:50 PM
> To: Maynard, Chris
> Cc: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show
> answers a line at a time, after the request frame and time delta.
>
> On Dec 25, 2019, at 1:35 PM, Maynard, Chris
> wrote:
>
> > On Dec 25, 2019, at 3:19 PM, Guy Harris wrote:
> >
> >> And, given that, is there any need to show the full text in the top-level
> >> item?
> >
> > Well, showing the full text allows for full "Copy -> Value" to continue to
> > work,
> and including the full text in a single "whos.answer" should, in theory at
> least,
> allow for pattern matching with the matches operator across lines, which the
> current implementation no longer allows.
>
> What's displayed to in the packet details pane and what's the value of the
> field
> from the point of view of Copy > Value and of operators testing the field
> value
> aren't necessarily the same. (From the internal point of view, a field_info
> structure:
>
> typedef struct field_info {
> header_field_info *hfinfo; /**< pointer to registered
> field
> information */
> gint start; /**< current start of data
> in field_info.ds_tvb
> */
> gint length; /**< current data length of
> item in
> field_info.ds_tvb */
> gint appendix_start; /**< start of appendix data
> */
> gint appendix_length; /**< length of appendix
> data */
> gint tree_type; /**< one of ETT_ or -1 */
> guint32 flags; /**< bitfield like
> FI_GENERATED, ... */
> item_label_t*rep; /**< string for GUI tree */
> tvbuff_t*ds_tvb; /**< data source tvbuff */
> fvalue_t value;
> } field_info;
>
> has a "rep" field, showing the "string for GUI tree" (or for the output of
> tshark -
> V, or...), and a "value" field, storing the field value.
Yes, of course, I'm fully aware of that. But displaying the full text, even if
truncated, allows one to at least view part of the answer (if not all of it in
some cases) without necessarily needing to expand it to view each line.
- Chris
CONFIDENTIALITY NOTICE: This message is the property of International Game
Technology PLC and/or its subsidiaries and may contain proprietary,
confidential or trade secret information. This message is intended solely for
the use of the addressee. If you are not the intended recipient and have
received this message in error, please delete this message from your system.
Any unauthorized reading, distribution, copying, or other use of this message
or its attachments is strictly prohibited.
___
Sent via:Wireshark-dev mailing list
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
