Wireshark-dev: Re: [Wireshark-dev] one possible way to speed up filtering

From: didier <dgautheron@xxxxxxxx>
Date: Thu, 19 Mar 2009 23:30:46 +0100
Hi,

On Wednesday 18 March 2009 at 23:05 +0800, yami wrote:
> Thanks, I've written a page in Wiki:
>   http://wiki.wireshark.org/Development/FastFiltering
Nice work.

- If compiled without NDEBUG defined I get a failed assert:
epan/dfilter/wslimmat.c :1680 : fix_variables:  "v->assignment == v"

valgrind doesn't complain and it seems to work with NDEBUG, but only for
simple stuff, i.e. udp && dns; something like !(tcp.stream eq 1)
&& !(tcp.stream eq 2) doesn't return the right result.
i.e.:
follow TCP stream, filter out this stream, follow TCP this stream, and
so on.
Does it work for you?

- stupid but Limmat uses the original BSD license which is incompatible
with the GPL.

- On the other hand, if expressions are made incrementally via popup
menus, is a full SAT solver needed?

eg:
Something like
tcp.stream eq 1 --> H1

!(tcp.stream eq 1) --> !H1 --> H2

tcp.stream eq 2 --> H3

!(tcp.stream eq 1) && !(tcp.stream eq 2) --> H2 && !H3

may be good enough.

Didier
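
An added example, not part of the original message and not Wireshark code: one reading of the handle idea sketched above, where each distinct subexpression is interned to a handle (the H1, H2, H3 of the message) and its per-packet result is cached, so extending a filter only evaluates the new leaf. All names (`intern`, `h_stream_eq`, `eval`, the `pkt_stream` capture) are hypothetical, and the only field modelled is `tcp.stream eq N`.

```c
#include <string.h>
#define MAX_NODES 32
#define N_PKTS 6
enum op { LEAF, NOT, AND };
struct node { enum op op; int a, b, stream; unsigned char done[N_PKTS], val[N_PKTS]; };
static struct node nodes[MAX_NODES];
static int n_nodes;
static int leaf_evals;  /* counts real field comparisons, to show cache reuse */
/* Constructed sample capture: the tcp.stream index of each packet. */
static const int pkt_stream[N_PKTS] = {1, 2, 1, 3, 2, 3};

/* Return the handle of an identical existing node, or create a new one. */
static int intern(enum op op, int a, int b, int stream) {
    for (int i = 0; i < n_nodes; i++)
        if (nodes[i].op == op && nodes[i].a == a &&
            nodes[i].b == b && nodes[i].stream == stream)
            return i;
    if (n_nodes == MAX_NODES) return -1;  /* fixed-size table in this sketch */
    struct node *n = &nodes[n_nodes];
    memset(n, 0, sizeof *n);
    n->op = op; n->a = a; n->b = b; n->stream = stream;
    return n_nodes++;
}
static int h_stream_eq(int s) { return intern(LEAF, -1, -1, s); }
static int h_not(int a) { return intern(NOT, a, -1, 0); }
static int h_and(int a, int b) { return intern(AND, a, b, 0); }

/* Evaluate handle h on packet pkt, reusing any cached result. */
static int eval(int h, int pkt) {
    if (h < 0 || h >= n_nodes) return 0;  /* invalid handle matches nothing */
    struct node *n = &nodes[h];
    if (n->done[pkt]) return n->val[pkt];
    int v;
    switch (n->op) {
    case LEAF: leaf_evals++; v = (pkt_stream[pkt] == n->stream); break;
    case NOT:  v = !eval(n->a, pkt); break;
    default:   v = eval(n->a, pkt) && eval(n->b, pkt); break;
    }
    n->done[pkt] = 1; n->val[pkt] = (unsigned char)v;
    return v;
}
static int count_matches(int h) {
    int c = 0;
    for (int p = 0; p < N_PKTS; p++) c += eval(h, p);
    return c;
}
int main(void) {
    int h = h_and(h_not(h_stream_eq(1)), h_not(h_stream_eq(2)));
    return count_matches(h) == 2 ? 0 : 1;
}
```

Unlike a SAT-based approach, this only recognises structurally identical subexpressions; it does not detect that two differently written filters are logically equivalent.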