This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have some proprietary HTTP/XML that I was wanting Wireshark to be able to parse and use as a display filter, so I started writing a DTD that Wireshark could deal with. It seems to work until I get to the second instance of an element in the filter, at which point it claims that the filter is invalid.

This is the DTD I've generated:

<?wireshark:protocol proto_name="myxml" hierarchy="yes" ?>
<!ELEMENT methodCall (methodName,params) >
<!ELEMENT methodName (#PCDATA) >
<!ELEMENT params (param+) >
<!ELEMENT param (value) >
<!ELEMENT value (array|string|struct) >
<!ELEMENT struct (member) >
<!ELEMENT member (name,value) >
<!ELEMENT name (#PCDATA) >
<!ELEMENT array (data+) >
<!ELEMENT data (value) >
<!ELEMENT string (#PCDATA) >

(No comments about the ridiculousness of this structure; I'm documenting someone else's crap, not defining it.)

The filter I'm trying to write is:

myxml.params.param.value.struct.member.value

It works if I leave the last value off, and it works if I use name instead of the last value.

On the XML entry in the Wireshark Wiki, it says:

Recursion in elements is stopped abruptly the second time the same element is found a "root name" will be used instead.

It is unclear if that is in the context of the hierarchy attribute that it immediately follows, or if it's a new thought, despite the fact that elements aren't introduced in the document until later. Also, it's not a valid English sentence, which makes it that much harder to understand. (It may need nothing more than a period, but I'm not sure.)

I have the feeling that it's trying to say that using recursion in an XML/DTD filter is unsupported, and has nothing to do with setting the hierarchy option or not. Can anyone confirm or deny Wireshark's ability to use recursive XML/DTD filters?

asked 04 Feb '14, 10:00

wfaulk's gravatar image

wfaulk
1112
accept rate: 0%

edited 04 Feb '14, 10:04

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×165
×36
×2

question asked: 04 Feb '14, 10:00

question was seen: 2,390 times

last updated: 04 Feb '14, 10:04

p​o​w​e​r​e​d by O​S​Q​A