Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?

From: "Luis EG Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Mon, 30 Jul 2007 15:21:23 +0200
Where in gtk/*.c a packet gets selected?


On 7/25/07, Luis EG Ontanon <luis.ontanon@xxxxxxxxx> wrote:
> On 7/25/07, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
> > Luis EG Ontanon schrieb:
> > > On 7/25/07, Luis EG Ontanon <luis.ontanon@xxxxxxxxx> wrote:
> > >
> > >> If we consider this dynamic condition that a filter can be correct or
> > >> incorrect depending on when it is compiled this is feasable (and a
> > >> nice feature too!)...
> > >>
> > >
> > > One last thing I will have to redissect the selected frame each time a
> > > the filter is entered...
> > >
> > > how do I do that?
> > >
> > Without having a look at the code: I would think that's done mostly the
> > same way when a packet is selected in the packet list today.
> >
> > But do you really have to redissect the packet? The protocol tree for
> > the selected packet is already existing, so scanning the filter string
> > for the field names and replacing them with the current values might
> > simply work, but I'm probably too optimistic here ;-)
>
> Yes you are optimistic... "the tree" would belong to the last
> dissected packet... which often is the selected one but there are
> cases (e.g. live capture) where "the tree" is not the one of the
> selected frame.
>
> However I thought that what I have to do is to "cache" the represented
> strings when the packet is selected and somehow pass that cache to the
> dfmacro engine.
>
> I think these "dynamic-macros" will be $[field.name] using '['
> instead of '{'  for these will make everything much simpler.
>
>
> > Regards, ULFL
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
>


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan