Is the list of protocols that IMSI goes across finite? Don't you really just want a "Conversation filter" that would be generated to include all the necessary protocols? The registering dissector has control over how the filter is constructed. Perhaps modify "Conversation filter menu item" to have 1-many relationship instead of current 1-1 if the necessary "dissector/filter data" can't otherwise be centrally handled? -----Original Message----- From: Anders Broman <anders.bro...@ericsson.com> To: wireshark-dev <wireshark-dev@wireshark.org> Sent: Mon, Aug 18, 2014 9:48 am Subject: [Wireshark-dev] Defining global filters?
Hi, How to define filters and display the data of fields that may occur in multiple protocols? One example is IMSI ( International Mobile Subscriber identity) that exists in multiple 3GPP and 3GPP2 protocols, following a call flow through the system it could be interesting to filter on IMSI across multiple protocols to build a filter covering all messages in the call flow. Suggestion: Create global_filters.[ch] in epan/dissectors or (packet-global_filters?) define functions to parse the data there and/or export the hf Variable to be used in the protocol dissectors. From GTPv2 current: : International Mobile Subscriber Identity (IMSI) : 262021030000050 IE Type: International Mobile Subscriber Identity (IMSI) (1) IE Length: 8 0000 .... = CR flag: 0 .... 0000 = Instance: 0 IMSI(International Mobile Subscriber Identity number): 262021030000050 : New International Mobile Subscriber Identity (IMSI) : 262021030000050 IE Type: International Mobile Subscriber Identity (IMSI) (1) IE Length: 8 0000 .... = CR flag: 0 .... 0000 = Instance: 0 IMSI(International Mobile Subscriber Identity number): 262021030000050 [Global filter IMSI : 262021030000050] Comments? Regards Anders ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
