Wireshark mailing list archives

How do display filters work internally?


From: Joerg Mayer <jmayer () loplof de>
Date: Thu, 19 Jan 2012 23:41:11 +0100

Hello List,

I fail to understand how display filters work internally. I'm still trying
to get my generic ip.addr filter working, but I seem to lack some understanding
on how display filters work.

It looks like putting an "alien" protocol filter into the hf array will work,
as ip.version inside packet-ipv6.c shows: The field is shown and filterable.
Putting the ip.addr field from packet-ip.c into all uses of ipv4 addresses
(everything of type FT_IPv4) will show it, but it won't be filterable (neither
existence nor value).

Can someone please fill in some info on how display filtering works?

Thanks
   Joerg
-- 
Joerg Mayer                                           <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Attachment: ip.addr.proto-v3.patch