Re: [Wireshark-commits] master 8d65ccf: Show answers a line at a time, after the request frame and time delta.

["Maynard, Chris via Wireshark-dev" <wireshark-dev () wireshark org>]

> -----Original Message-----
> From: Guy Harris [mailto:guy () alum mit edu]
> Sent: Wednesday, December 25, 2019 3:19 PM
> To: Maynard, Chris <Christopher.Maynard () IGT com>
> Cc: Developer support list for Wireshark <wireshark-dev () wireshark org>
> Subject: Re: [Wireshark-dev] [Wireshark-commits] master 8d65ccf: Show
> answers a line at a time, after the request frame and time delta.
>
> On Dec 25, 2019, at 10:44 AM, Maynard, Chris
> <Christopher.Maynard () IGT com> wrote:
>
> > Or revert this change so whois.answer reflects the entire answer again, but
> add each line underneath the answer using a different filter, such as
> "whois.answer.line"?
>
> We could, but I think going back to the way it was before would be a bad idea.
>
> > I would prefer this solution as the answer is the entire answer and each line is
> only part of the answer.
>
> The argument could be made for other text protocols.  The problem is that "the
> entire answer" is hard to read.
>
> > For example:
> > V WHOIS: Answer
> >           V Answer [truncated]: % IANA WHOIS server\n% for more information
> on IANA, visit http://www.iana.org\n% This query returned 1 object\n\n
> domain:       EXAMPLE.COM\n\norganisation: Internet Assigned Numbers
> Authority\n\n created:      1992-01-
>
> Note the word "truncated" here.  That's not a good thing.
>
> >                    Line 1: % IANA WHOIS server\n
> >                    Line 2: % for more information on IANA, visit
> http://www.iana.org\n
> >                    Line 3: % This query returned 1 object\n
> >                    Line 4: \n
> >                    Line 5: domain:       EXAMPLE.COM\n
> >                    Line 6: \n
> >                    Line 7: organisation: Internet Assigned Numbers Authority\n
> >                    Line 8: \n
> >                    Line 9: created:      1992-01-01\n
> >                    Line 10: source:       IANA\n
> >                    Line 11: \n
>
> Something that displays it in *that* fashion, with each line shown underneath
> an item for the entire {WHOIS answer, SMTP mail message, HTTP/SIP/etc.
> header, HTTP text payload, etc.}, might be the right way to handle text
> protocols.
>
> And, given that, is there any need to show the full text in the top-level item?

Well, showing the full text allows for full "Copy -> Value" to continue to work, and including the full text in a 
single "whos.answer" should, in theory at least, allow for pattern matching with the matches operator across lines, 
which the current implementation no longer allows.  I write, "in theory", because I can't seem to successfully get this 
to actually work using master, 3.2.0 or 3.0.7.  For example, I'd expect whois.answer ~ "Domain.*TERMS OF USE" to match 
frame 11 of the whois.pcap capture file attached to Bug 16291 
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16291), but this doesn't work.  In fact, a lot of regex's seem to 
fail.  Maybe I'm doing something wrong or maybe something is broken?  I'll have to try to investigate this further 
another day - the kids want their new toys assembled. :)

- Chris

CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and 
may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the 
addressee. If you are not the intended recipient and have received this message in error, please delete this message 
from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is 
strictly prohibited.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe