Wireshark mailing list archives
Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols?
From: Ateeth Kumar Thirukkovulur <athirukkovulur () uh edu>
Date: Sat, 19 Apr 2014 13:58:58 -0500
Not exactly. Suppose I want to include a NOT operator in the display filter. Say "! tcp". Which code must I change? I know it already exists. Where do I include the symbols n expressions for newly added terms. Do you get what I am saying? On Apr 18, 2014 4:38 PM, "Guy Harris" <guy () alum mit edu> wrote:
On Apr 18, 2014, at 2:13 PM, Ateeth Kumar Thirukkovulur < athirukkovulur () uh edu> wrote:I want to know if there is any way to redesign the wireshark filter toincorporate algebraic expressions instead of filtering using protocols? Filtering *already* uses more than just protocols - it uses fields from protocols, for example, "ip.src == 127.0.0.1" or "ip.len == 1024". An algebraic expression, in order to be a *useful* filter, would have to incorporate variables of some sort; neither "(5 + 3)*2 == 16" nor "(5 + 3)*2 == 17" are particularly interesting filters (the first one would match all packets, the second one would match no packets). So you'd need some sort of variables; if the variables are fields from protocols, adding support for arithmetic operators, for example, "foo.len1 - foo.len2 == 30", isn't really a "redesign", it's just an enhancement. Is that what you're talking about? ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Regarding display filter- how to redesign code to incorporate expressions other than protocols? Ateeth Kumar Thirukkovulur (Apr 18)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Guy Harris (Apr 18)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Ateeth Kumar Thirukkovulur (Apr 19)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Guy Harris (Apr 19)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Ateeth Kumar Thirukkovulur (Apr 20)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Ateeth Kumar Thirukkovulur (Apr 19)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Guy Harris (Apr 18)