https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14430
Bug ID: 14430
Summary: Wireshark should not offer invalid completions for capture filters
Product: Wireshark
Version: Git
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Qt UI
Assignee: bugzilla-ad...@wireshark.org
Reporter: g...@alum.mit.edu
Target Milestone: ---
Build Information:
Version 2.5.1 (v2.5.1rc0-104-gd332507e)
Copyright 1998-2018 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software;
see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.5.0, with libpcap, without POSIX capabilities, with
GLib 2.36.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua
5.2.4, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with MIT Kerberos, with GeoIP,
with nghttp2 1.21.0, with LZ4, with Snappy, with libxml2 2.9.4, with
QtMultimedia, with SBC, with SpanDSP, with bcg729.
Running on Mac OS X 10.12.6, build 16G1036 (Darwin 16.7.0), with Intel(R)
Core(TM) i7-4980HQ CPU @ 2.80GHz (with SSE4.2), with 16384 MB of physical
memory, with locale en_US.UTF-8, with libpcap version 1.8.1 -- Apple version
67.60.2, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with zlib 1.2.8, binary plugins
supported (13 loaded). Built using clang 4.2.1 Compatible Apple LLVM 9.0.0
(clang-900.0.39.2).
--
If, for example, you type "ip a" into the capture filter entry box in the main
screen, it offers "address1", "address2", "address3", and "address4" as
completions.
"ip address1 {anything}" is not a valid capture filter; "address1" is valid
only as an 802.11 MAC address.
Furthermore, unless you have a libpcap with the change that I just now checked
into the master branch, it may *crash* with "ip address1 {IP address or valid
host name}".
Note also that the official documented qualifiers for the four MAC addresses in
802.11 headers are "addr1", "addr2", "addr3", and "addr4"; to quote the
pcap-filter man page:
    wlan addr1 ehost
        True if the first IEEE 802.11 address is ehost.

    wlan addr2 ehost
        True if the second IEEE 802.11 address, if present, is ehost.
        The second address field is used in all frames except for CTS
        (Clear To Send) and ACK (Acknowledgment) control frames.

    wlan addr3 ehost
        True if the third IEEE 802.11 address, if present, is ehost.
        The third address field is used in management and data frames,
        but not in control frames.

    wlan addr4 ehost
        True if the fourth IEEE 802.11 address, if present, is ehost.
        The fourth address field is only used for WDS (Wireless
        Distribution System) frames.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs