
Ethereal-dev: Re: [Ethereal-dev] dfilter-modifications and inclusion of lib_ethereal.so

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Håvard H Garnes <hhg@xxxxxxxxxx>
Date: Mon, 18 Jul 2005 12:53:29 +0200
> >>>The new filter-addition is the keyword "return 'field'" which returns
> >>>the field-value in place of a gboolean from dfvm_apply.
> >>
> >>Do you have an example of how that would be used?
> > 
> > this could be used to do for example
> > 
> > return http.request.host
> > or
> > return mime_multipart.type
> > or
> > return ip.len
> > 
> > or almost any header or protocol-information ethereal can handle.
> 
> So would that be used as part of a display filter, or would that be the 
> entire filter expression?
> 
> I.e., is this just a way to request the value of (the first instance of) 
> a particular field in a packet?  If so, there might now be APIs to 
> extract that, which applications that would use that keyword would use.

Yep. That's it. And that is why I wrote the list with a question about
this three weeks ago. Perhaps the question was not understandable.
However, if there are good ways of doing this without the ugly hack of
the display-filter-code, I would love to hear about them.

Håvard.