Wireshark-bugs: [Wireshark-bugs] [Bug 6718] Wiretap API needs to handle pcap-NG ISB blocks

Date: Mon, 5 Mar 2012 12:23:03 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6718

--- Comment #10 from Jose Pedro Oliveira <jpo@xxxxxxxxxxxx> 2012-03-05 12:23:03 PST ---
(In reply to comment #9)
> (In reply to comment #8)
> > (In reply to comment #7)
> > > (In reply to comment #6)
> > > > (In reply to comment #5)
...
> > Still regarding the if_filter option: should we allow this option to be
> > repeated?  I'm asking this because I think it should be a good idea to also
> > store the wireshark's display filters.
> > 
> >   tshark -R "<display filter here>" -r in.pcapng -w out.pcapng
> > 
> > Would it make sense to allow n display filters (keep the ones in the source
> > file and add the new one to the output file)?
> > 
> >   tshark -R "<second display filter here>" -r out.pcapng -w out2.pcapng
> > 
> > Note: The display filter needs to be registered ( 0 = libpcap filter string, 1
> > = libpcap byte code, 2 = Wireshark display filter string ? )
> > 
> > /jpo
> 
> There is a thread just started on this subject on the developers mailing list.

I believe this is the ml thread in question:

 * [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?
   https://www.wireshark.org/lists/wireshark-dev/201203/msg00057.html

> I would propose a new option "shb_ws_display_filter" Wireshark display filter
> string. Can occur multiple times.
>
> One could then build a GUI item with a list of the filters, which can be
> selected and applied. Possibly there should also be
> "shb_ws_display_filter_comment" coupled to the display filter where one could
> describe the filter.

I believe we are describing different use cases for the display filters:

 * Your use case appears to be GUI oriented, i.e., store all display filters the
user applied during a Wireshark session so that they can be reused in a
following session.

 * In my use case it should be an IDB filter option as the new output file only
has packets matching the display filter (it works like a capture filter).

/jpo
