| Bug ID |
9480
|
| Summary |
new dfilter function num_items()
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
unspecified
|
| Hardware |
x86
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
I'd like to add a dfilter function num_items(). It takes a field name as
parameter and returns the number of occurrences in a packet.
This allows for filters such as
num_items(ip.addr)>=2
to match packets that contain two or more IP addresses.
This example might not be too useful. However, there's many scenarios for
digital tv where a packet contains a loop with entries for each TV service or
each frequency. I'd like to filter based on the number of items, regardless of
their content.
After playing with dfilter, I came up with the attached patch. Could you have a
look and let me know if you see some issues with this?
If not, I'll commit it in a couple of days.
Thanks,
Martin
You are receiving this mail because:
- You are watching all bug changes.