On Wed, Jul 26, 2000 at 02:23:27PM +0900, Richard Sharpe wrote:
> display filters are of the form:
>
> arp.hw.type == 1
>
> But the hw.type bears little relationship with the field displayed in the
> tree view, which is "Hardware type".
>
> A user has to look in the man page, or the source, to figure out what the
> field name is, and dissector writers have to update the documentation when
> they add new fields, or no one will know about them.
>
> This is a very poor situation.
>
> I can think of a couple of ways around this:
>
> 1. Add code that allows users to find the mapping between field names and
> the name in the tree view. Such information is available in the
> registration table that a dissector provides to allow filtering.
Done. If you click on the "Filter:" button next to the text box for a
display filter, and then click on the "Add Expression..." button in the
dialog box popped up by the "Filter:" button, and then open up the
"Address Resolution Protocol" section in the dialog box popped up by the
"Add Expression..." button, it'll show a list of fields supported for
ARP, including "Hardware type".
If you then select "Hardware type", the "Accept" button will enter
"arp.hw.type" into the "Filter string" text box in the "Filters" dialog
box for you. If you select "==" as the "Relation", a list of the
hardware type names is displayed, and you can click on one of them to
fill in the "Value" text box with the value for that hardware type
(e.g., click on "Ethernet" to get 0x1 entered) - click on "Accept" now
and you get
arp.hw.type == 0x1
entered into the "Filter string" text box.
Clicking on "OK" or "Apply" in the "Filters" dialog box will make that
filter string (the one in the "Filter string" text box) the current
display filter.