Re: What ftypes are "compatible" enough for duplicate fields?

[Hadriel Kaplan <hadriel.kaplan () oracle com>]

On Feb 21, 2014, at 6:36 PM, Guy Harris <guy () alum mit edu> wrote:

> On Feb 21, 2014, at 12:08 PM, Hadriel Kaplan <hadriel.kaplan () oracle com> wrote:
>
> > Also, FT_IPv4 and FT_IPv6 are frequently in duplicate fields.  Should they be/not-be?  Display filter 
> > input/verification might have issues with it, but it seems logical to have generic "foo.src"/"foo.dst"/etc. fields 
> > of both types.
>
> The one place where we're doing that with ".src" and ".dst" is in the PGM dissector; in, for example, a Source Path 
> Message, there's a field specifying the Address Family Indicator (AFI) for the source address and another specifying 
> the address, which could be IPv4, IPv6, or, in theory, a number of other types.

And it's also done in: h245.network, h248.address, mih.mihf_id, openflow_v4.oxm.value, openflow_v5.oxm.value, 
pflog.saddr, rsip.parameter.address, rsvp.notify_request.notify_node_address_ipv4, sap.originating_source, 
sflow_245.nexthop, and a bunch in pim.

I don't know if it actually works properly as display filters, however, in a capture/file of mixed address families.

-hadriel

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe