Re: Using the per-packet protocols string when filtering

[Guy Harris <guy () alum mit edu>]

On May 10, 2012, at 9:22 PM, Anders Broman wrote:

> Guy Harris skrev 2012-05-11 05:03:
> > On May 10, 2012, at 1:24 AM, Anders Broman wrote:
> >
> > > Filtering:
> > > - We have a string with per packet protocols, could that string be saved and used in filtering - don't dissect the 
> > > packet if it does not contain the filtered protocol.
> > If you're referring to the "frame.protocols", that is, unfortunately, computed as part of the process of dissecting 
> > the packet, so....
> But we do run trough all packets on the first pass, subsequent filtering could benefit.

Yes, but we don't *persistently store* the frame.protocols value for every frame - if we wanted to use it when 
filtering, we'd have to recompute it for each packet, and, as recomputing it involves dissecting the packet, that means 
it doesn't let us avoid dissecting the packet.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe