Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] How to use/access the display filter functions of ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 25 Jul 2005 11:18:51 -0700
Michel Hautle wrote:


can someone tell me how I can access the display filter functions of
ethereal from the outside? Is there somewhere a documentation which
describes the functions of each library (the name of the function, its
parameters and a little example, ...)?
No - there's no documentation for libethereal (and such documentation could be viewed as a commitment on our part not to change the APIs, but I, at least, am not ready to make such a commitment). 


Or can someone tell me how I might
access the display filter functions from outside?
dfilter_compile() takes a string containing a display filter expression and a pointer to a "dfilter_t *" (a pointer to a pointer) as arguments, and either: 

	returns TRUE and sets that pointer to point to the compiled display filter

or
returns FALSE and sets the global variable "dfilter_error_msg" to point to a string describing what's wrong with the display filter expression. 

(Speaking of API changes, it might make more sense either to

	1) return NULL on success and an error message string on failure

or
2) return the compiled filter pointer on success and NULL on error, and perhaps return the error message through another argument, although that might require a bit more internal work so that the parser and lexical analyzer have access to a non-global (per-parse) structure into which to put the error message.)
Before running epan_dissect_run() on an epan_dissect_t, call epan_dissect_prime_dfilter() on the epan_dissect_t, supplying the pointer to the dfilter_t. After epan_dissect_run() has finished, call dfilter_apply_edt(), passing it the dfilter_t pointer and the epan_dissect_t pointer; it returns TRUE if the filter passes and FALSE if it doesn't. 

Call dfilter_free() when you're done with the filter.


I'm asking because I'd like to use the display filter of ethereal in java
(which should be possible? ->
http://www.eclipse-plugins.info/eclipse/plugin_details.jsp?id=862 ).
Eclipse is an IDE, right? It seems odd to plug a protocol analyzer into an IDE, unless Eclipse isn't really an IDE, but is more like an entire universe/shell, along the lines of GNU EMACS ("the LISP machine that pretends it's a text editor" :-)).
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube