This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Recursive XML DTD

I have some proprietary HTTP/XML that I was wanting Wireshark to be able to parse and use as a display filter, so I started writing a DTD that Wireshark could deal with. It seems to work until I get to the second instance of an element in the filter, at which point it claims that the filter is invalid.

This is the DTD I've generated:

<?wireshark:protocol proto_name="myxml" hierarchy="yes" ?>
<!ELEMENT methodCall (methodName,params) >
<!ELEMENT methodName (#PCDATA) >
<!ELEMENT params (param+) >
<!ELEMENT param (value) >
<!ELEMENT value (array|string|struct) >
<!ELEMENT struct (member) >
<!ELEMENT member (name,value) >
<!ELEMENT name (#PCDATA) >
<!ELEMENT array (data+) >
<!ELEMENT data (value) >
<!ELEMENT string (#PCDATA) >

(No comments about the ridiculousness of this structure; I'm documenting someone else's crap, not defining it.)

The filter I'm trying to write is:

myxml.params.param.value.struct.member.value

It works if I leave the last value off, and it works if I use name instead of the last value.

On the XML entry in the Wireshark Wiki, it says:

Recursion in elements is stopped abruptly the second time the same element is found a "root name" will be used instead.

It is unclear if that is in the context of the hierarchy attribute that it immediately follows, or if it's a new thought, despite the fact that elements aren't introduced in the document until later. Also, it's not a valid English sentence, which makes it that much harder to understand. (It may need nothing more than a period, but I'm not sure.)

I have the feeling that it's trying to say that using recursion in an XML/DTD filter is unsupported, and has nothing to do with setting the hierarchy option or not. Can anyone confirm or deny Wireshark's ability to use recursive XML/DTD filters?

asked 04 Feb '14, 10:00

wfaulk

edited 04 Feb '14, 10:04
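
To see which elements of the DTD above are recursive and where the filter in question first re-enters one, the following added example (not part of the original post, and not Wireshark's own code) builds the element graph and walks the filter path. The function names are hypothetical, and it assumes, as the question's filter does, that the root element `methodCall` is not part of the filter name; it does not reproduce how Wireshark names fields.

```python
import re
# DTD from the question (the wireshark:protocol instruction is omitted).
DTD = """
<!ELEMENT methodCall (methodName,params) >
<!ELEMENT methodName (#PCDATA) >
<!ELEMENT params (param+) >
<!ELEMENT param (value) >
<!ELEMENT value (array|string|struct) >
<!ELEMENT struct (member) >
<!ELEMENT member (name,value) >
<!ELEMENT name (#PCDATA) >
<!ELEMENT array (data+) >
<!ELEMENT data (value) >
<!ELEMENT string (#PCDATA) >
"""
ELEMENT_RE = re.compile(r"<!ELEMENT\s+(\S+)\s+\(([^)]*)\)\s*>")

def parse_children(dtd):
    # Element name -> child element names (flat content models only).
    graph = {}
    for name, model in ELEMENT_RE.findall(dtd):
        kids = [k.strip("+*? ") for k in re.split(r"[,|]", model)]
        graph[name] = [k for k in kids if k and not k.startswith("#")]
    return graph

def recursive_elements(graph):
    # Elements that can contain themselves, directly or indirectly.
    def reaches(start):
        seen, stack = set(), list(graph[start])
        while stack:
            node = stack.pop()
            if node == start:
                return True
            if node not in seen:
                seen.add(node)
                stack.extend(graph.get(node, []))
        return False
    return sorted(n for n in graph if reaches(n))

def first_repeat(graph, root, filter_path):
    # Return (depth, element) where a name first repeats on the path, else None.
    path = [root]
    for depth, elem in enumerate(filter_path.split(".")[1:], start=1):
        if elem not in graph.get(path[-1], []):
            raise ValueError(f"{elem!r} is not a child of {path[-1]!r}")
        if elem in path:
            return depth, elem
        path.append(elem)
    return None
```

For the filter in the question, `first_repeat` reports the second `value` at depth 6, which is the point where the filter stops being accepted; the variant ending in `name` has no repeated element.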