Wireshark-dev: Re: [Wireshark-dev] Regarding display filter- how to redesign code to incorporat
Yes thats what I was looking for. Thank you.
Well I am interested in using newly created expressions to filter packets that are related. Indirectly what i want is end to end host filtering(not based on protocols).
Also
For eg,
Suppose there is an ARP reply from a given host address. I also want wireshark to display the ARP request of that host only....So what I am saying is that wireshark should display only ARP reply and the ARP request of the particular host. It shouldnt display the previous ARP packets from that host. Maybe like the last 2 packets - ARP reply and ARP request so that those 2 packets can be monitored in detail.
Ateeth Kumar Thirukkovulur
Research Assistant
College of Technology
UH ID:1267190
On Sat, Apr 19, 2014 at 2:12 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
No, not really.
On Apr 19, 2014, at 11:58 AM, Ateeth Kumar Thirukkovulur <athirukkovulur@xxxxxx> wrote:
> Not exactly.
>
> Suppose I want to include a NOT operator in the display filter. Say "! tcp". Which code must I change? I know it already exists. Where do I include the symbols n expressions for newly added terms.
>
> Do you get what I am saying?
If you mean "how do I support new operators in packet-matching expressions", you'd:
change epan/dfilter/scanner.l to add the new operator as a lexical-analyzer token;
change epan/dfilter/grammar.lemon to handle that token as part of the grammar, translating them into new "instructions" in the "display filter virtual machine";
change epan/dfilter/dfvm.c to support those new "instructions".
If you mean "how do I support some particular *type* of new operators", you'd need to tell us what those new operators are and what semantics they have, so we can indicate what *particular* changes would be needed to those files.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- [Wireshark-dev] Regarding display filter- how to redesign code to incorporate expressions other than protocols?
- From: Ateeth Kumar Thirukkovulur
- Re: [Wireshark-dev] Regarding display filter- how to redesign code to incorporate expressions other than protocols?
- From: Guy Harris
- Re: [Wireshark-dev] Regarding display filter- how to redesign code to incorporate expressions other than protocols?
- From: Ateeth Kumar Thirukkovulur
- Re: [Wireshark-dev] Regarding display filter- how to redesign code to incorporate expressions other than protocols?
- From: Guy Harris
- [Wireshark-dev] Regarding display filter- how to redesign code to incorporate expressions other than protocols?
- Prev by Date: Re: [Wireshark-dev] How can Wireshark improve
- Next by Date: Re: [Wireshark-dev] How can Wireshark improve
- Previous by thread: Re: [Wireshark-dev] Regarding display filter- how to redesign code to incorporate expressions other than protocols?
- Next by thread: [Wireshark-dev] How can Wireshark improve
- Index(es):