diff options
-rw-r--r-- | doc/wireshark-filter.pod | 24 | ||||
-rw-r--r-- | docbook/release-notes.asciidoc | 3 | ||||
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_work.asciidoc | 4 | ||||
-rw-r--r-- | epan/ftypes/ftype-pcre.c | 4 |
4 files changed, 21 insertions, 14 deletions
diff --git a/doc/wireshark-filter.pod b/doc/wireshark-filter.pod index 0b8613de4c..a6ef64f58a 100644 --- a/doc/wireshark-filter.pod +++ b/doc/wireshark-filter.pod @@ -56,8 +56,8 @@ C-like symbols: Additional operators exist expressed only in English, not C-like syntax: contains Does the protocol, field or slice contain a value - matches, ~ Does the protocol or text string match the given Perl - regular expression + matches, ~ Does the protocol or text string match the given + case-insensitive Perl-compatible regular expression The "contains" operator allows a filter to search for a sequence of characters, expressed as a string (quoted or unquoted), or bytes, @@ -73,15 +73,21 @@ such as numbers or IP addresses. The "matches" or "~" operator allows a filter to apply to a specified Perl-compatible regular expression (PCRE). The "matches" operator is only implemented for protocols and for protocol fields with a text string -representation. For example, to search for a given WAP WSP User-Agent, -you can write: +representation. Matches are case-insensitive by default. For example, +to search for a given WAP WSP User-Agent, you can write: - wsp.user_agent matches "(?i)cldc" + wsp.user_agent matches "cldc" -This example shows an interesting PCRE feature: pattern match options have to -be specified with the B<(?>optionB<)> construct. For instance, B<(?i)> performs -a case-insensitive pattern match. More information on PCRE can be found in the -pcrepattern(3) man page (Perl Regular Expressions are explained in +This would match "cldc", "CLDC", "cLdC" or any other combination of upper +and lower case letters. + +You can force case sensitivity using + + wsp.user_agent matches "(?-i)cldc" + +This is an example of PCRE's B<(?>optionB<)> construct. B<(?-i)> performs a +case-sensitive pattern match but other options can be specified as well. More +information can be found in the pcrepattern(3) man page at L<http://perldoc.perl.org/perlre.html>). =head2 Functions diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc index f5e88a2b5c..2b361f30f8 100644 --- a/docbook/release-notes.asciidoc +++ b/docbook/release-notes.asciidoc @@ -28,8 +28,9 @@ used for troubleshooting, analysis, development and education. The following features are new (or have been significantly updated) since version 2.4.0: - * Add color support for TShark with --color option (non-Windows only) +* Add color support for TShark with --color option (non-Windows only) * TCP Analysis will detect and flag more spurious retransmissions. +* The "matches" display filter operator is now case-insensitive. //=== Removed Dissectors diff --git a/docbook/wsug_src/WSUG_chapter_work.asciidoc b/docbook/wsug_src/WSUG_chapter_work.asciidoc index 6047e2ad45..819d7601b5 100644 --- a/docbook/wsug_src/WSUG_chapter_work.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_work.asciidoc @@ -367,8 +367,8 @@ anywhere in the header. http.host matches "acme\.(org|com|net)" ---- The example above match HTTP packets where the HOST header contains acme.org or acme.com -or acme.net. Note: Wireshark needs to be built with libpcre in order to be able to use the -+matches+ resp. +~+ operator. +or acme.net. Comparisons are case-insensitive. Note: Wireshark needs to be built with +libpcre in order to be able to use the +matches+ resp. +~+ operator. ---- tcp.flags & 0x02 ---- diff --git a/epan/ftypes/ftype-pcre.c b/epan/ftypes/ftype-pcre.c index 5de0746bcd..05ad14a1ad 100644 --- a/epan/ftypes/ftype-pcre.c +++ b/epan/ftypes/ftype-pcre.c @@ -74,13 +74,13 @@ static gboolean val_from_string(fvalue_t *fv, const char *pattern, gchar **err_msg) { GError *regex_error = NULL; - GRegexCompileFlags cflags = G_REGEX_OPTIMIZE; + GRegexCompileFlags cflags = (GRegexCompileFlags)(G_REGEX_CASELESS | G_REGEX_OPTIMIZE); /* Set RAW flag only if pattern requires matching raw byte sequences. Otherwise, omit it so that GRegex treats its input as UTF8-encoded string. */ if (raw_flag_needed(pattern)) { - cflags = (GRegexCompileFlags)(G_REGEX_OPTIMIZE | G_REGEX_RAW); + cflags = (GRegexCompileFlags)(cflags | G_REGEX_RAW); } /* Free up the old value, if we have one */ |