Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols?

[Guy Harris <guy () alum mit edu>]

On Apr 19, 2014, at 11:58 AM, Ateeth Kumar Thirukkovulur <athirukkovulur () uh edu> wrote:

> Not exactly.
>
> Suppose I want to include a NOT operator in the display filter. Say "! tcp". Which code must I change? I know it 
> already exists. Where do I include the symbols n expressions for newly added terms.
>
> Do you get what I am saying?

No, not really.

If you mean "how do I support new operators in packet-matching expressions", you'd:

        change epan/dfilter/scanner.l to add the new operator as a lexical-analyzer token;

        change epan/dfilter/grammar.lemon to handle that token as part of the grammar, translating them into new 
"instructions" in the "display filter virtual machine";

        change epan/dfilter/dfvm.c to support those new "instructions".

If you mean "how do I support some particular *type* of new operators", you'd need to tell us what those new operators 
are and what semantics they have, so we can indicate what *particular* changes would be needed to those files.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe