|From: Henric Bergenwall
|
|
|Hi!
|
|Assume that we have a protocol with only two parameters:
|
| 0                   1                   2                   3
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|| A | B |
|+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
|Given a value V, I want to filter out all messages where the
|parameter A == V.
|That is quite easy.
|
|But I also want to filter out all messages where the parameter
|B is equal
|to any of the B-parameters found in the messages filtered out
|by the filter A == x.
So you want to do:
1. set_1 = { all packets for which A == V }
2. set_2 = { all distinct B values from set_1 }
This is not readily available today; however you may post-process Ethereal
output of your protocol dissection (e.g., in PDML format) once you have applied
the first filter criterion (yielding a subset of packets).
|Is it possible to adapt the ethereal code to implement such a
|filtering mechanism?
Mmh... I see one possibility, which implies a considerable rewrite of the
display filter language, or the addition of a new filter/expression language
that does not necessarily yield matching packets. Maybe we can provide a
SQLish language for this purpose? Additionally, we'll need an output
"console" as the result will not necessarily be a packet list.
Regards,
Olivier
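
The PDML post-processing suggested in the reply above, as an added example that is not part of the original message or of the Ethereal code base. It goes one step further than the reply by running both passes over an unfiltered PDML export and by building a display filter for the second pass. The field names myproto.a and myproto.b and the sample capture are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Hypothetical field abbreviations for the two-parameter protocol in the mail.
FIELD_A = "myproto.a"
FIELD_B = "myproto.b"

# Constructed sample rows: (frame number, A, B).
_ROWS = [(1, 7, 100), (2, 3, 100), (3, 7, 200), (4, 3, 300), (5, 9, 200)]

# Constructed, simplified PDML export (real exports carry more attributes).
SAMPLE_PDML = "<pdml>" + "".join(
    f'<packet><proto name="geninfo"><field name="num" show="{n}"/></proto>'
    f'<proto name="myproto"><field name="{FIELD_A}" show="{a}"/>'
    f'<field name="{FIELD_B}" show="{b}"/></proto></packet>'
    for n, a, b in _ROWS) + "</pdml>"

def field_values(packet, name):
    """All 'show' values of the named field inside one <packet> element."""
    return [f.get("show") for f in packet.iter("field") if f.get("name") == name]

def packet_number(packet):
    """Frame number taken from the geninfo pseudo-protocol."""
    return int(packet.find("proto[@name='geninfo']/field[@name='num']").get("show"))

def correlate(pdml_text, v):
    """Return (set_2, frame numbers of all packets whose B is in set_2)."""
    packets = ET.fromstring(pdml_text).findall("packet")
    # Pass 1: set_1 = packets with A == V; set_2 = their distinct B values.
    set_2 = set()
    for p in packets:
        if v in field_values(p, FIELD_A):
            set_2.update(field_values(p, FIELD_B))
    # Pass 2: every packet whose B is in set_2, whatever its A value.
    hits = [packet_number(p) for p in packets
            if set_2.intersection(field_values(p, FIELD_B))]
    return set_2, hits

def second_filter(set_2):
    """Display filter expression that selects the pass-2 packets."""
    return " || ".join(f"{FIELD_B} == {b}" for b in sorted(set_2))

if __name__ == "__main__":
    values, frames = correlate(SAMPLE_PDML, "7")
    print("set_2:", sorted(values))
    print("matching frames:", frames)
    print("display filter:", second_filter(values))
```

Values are compared as the strings found in the PDML "show" attribute, so V must be written the way the dissector displays it.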