> |Given a value V, i want to filter out all messages where the
> |parameter A == V.
> |That is quite easy.
> |
> |But I also want to filter out all messages where the parameter
> |B is equal
> |to any of the B-parameters found in the messages filtered out
> |by the filter A == x.
>
> So you want to do:
> 1. set_1 = { all packets for which A == V )
> 2. set_2 = { all distinct B values from set_1 }
> |Is it possible to adapt the ethereal code to implement such a
> |filtering mechanism?
>
> Mmh... I see one possibility, which implies a considerable rewrite of the
> display filter language, or the addition of a new filter/expression
> language
> that does not necessarily yield matching packets. Maybe we can provide a
> SQLish language for this purpose? Additionally, we'll need an output
> "console" as the result will not necessarily be a packet list.
It seems to me that the issue is "state". I do not know of any ethereal
filters that can be based on the values of previous packets, per se. In
fact, I think the filtering is totally stateless.
That said, one could, in theory, create a tap that accessed a scripting
language such as perl. One could then write a perl script to do what you
want. IIRC, adding a general purpose scripting tool was (at least at one
time) part of the wish list.
--john