Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols?

[Guy Harris <guy () alum mit edu>]

On Apr 18, 2014, at 2:13 PM, Ateeth Kumar Thirukkovulur <athirukkovulur () uh edu> wrote:

> I want to know if there is any way to redesign the wireshark filter to incorporate algebraic expressions instead of 
> filtering using protocols?

Filtering *already* uses more than just protocols - it uses fields from protocols, for example, "ip.src == 127.0.0.1" 
or "ip.len == 1024".

An algebraic expression, in order to be a *useful* filter, would have to incorporate variables of some sort; neither 
"(5 + 3)*2 == 16" nor "(5 + 3)*2 == 17" are particularly interesting filters (the first one would match all packets, 
the second one would match no packets).

So you'd need some sort of variables; if the variables are fields from protocols, adding support for arithmetic 
operators, for example, "foo.len1 - foo.len2 == 30", isn't really a "redesign", it's just an enhancement.

Is that what you're talking about?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe