Wireshark-dev: Re: [Wireshark-dev] one possible way to speed up filtering
From: didier <[email protected]>
Date: Thu, 19 Mar 2009 23:30:46 +0100

On Wednesday, 18 March 2009 at 23:05 +0800, yami wrote:
> Thanks, I've written a page in Wiki:
>   http://wiki.wireshark.org/Development/FastFiltering
Nice work.

- If compiled without NDEBUG defined I get a failed assert:
epan/dfilter/wslimmat.c :1680 : fix_variables:  "v->assignment == v"

valgrind doesn't complain and it seems to work with NDEBUG, but only for
simple stuff, i.e. udp && dns; something like !(tcp.stream eq 1)
&& !(tcp.stream eq 2) doesn't return the right result.
Follow TCP stream, filter out this stream, follow TCP this stream, and
so on.
Does it work for you?

- Stupid, but Limmat uses the original BSD license, which is incompatible
with the GPL.

- On the other hand, if expressions are made incrementally via popup
menus, is a full SAT solver needed?

Something like
tcp.stream eq 1 --> H1

!(tcp.stream eq 1) --> !H1 --> H2

tcp.stream eq 2 --> H3

!(tcp.stream eq 1) && !(tcp.stream eq 2) --> H2 && !H3

may be good enough.
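
The handle scheme sketched in the message above, as an added example that is not part of the original message and is not Wireshark or Limmat code: each sub-expression gets a handle with a cached per-packet match bitmap, so only a new leaf test walks the packets, and `!` and `&&` are derived from handles already known. The packet array, the handle table and the function names `h_stream_eq`, `h_not` and `h_and` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample capture: the tcp.stream index of each packet. */
#define NPKT 8
static const int pkt_stream[NPKT] = {0, 1, 1, 2, 0, 2, 1, 3};

/* Hypothetical handle table: expression text -> bitmap (bit i = packet i). */
static struct { char expr[128]; unsigned bits; } cache[16];
static int ncache, full_scans; /* full_scans: times all packets were walked */

static int intern(const char *expr, int *is_new) {
    *is_new = 0;
    for (int i = 0; i < ncache; i++)
        if (strcmp(cache[i].expr, expr) == 0) return i; /* known handle */
    if (ncache == 16 || strlen(expr) >= sizeof cache[0].expr) return -1;
    strcpy(cache[ncache].expr, expr);
    *is_new = 1;
    return ncache++;
}

/* Leaf "tcp.stream eq N": the only operation that walks the packets. */
int h_stream_eq(int n) {
    char e[64]; int is_new;
    snprintf(e, sizeof e, "tcp.stream eq %d", n);
    int h = intern(e, &is_new);
    if (is_new) full_scans++;
    for (int i = 0; is_new && i < NPKT; i++)
        if (pkt_stream[i] == n) cache[h].bits |= 1u << i;
    return h;
}

/* NOT and AND combine cached bitmaps and never touch the packets. */
int h_not(int a) {
    char e[160]; int is_new;
    if (a < 0) return -1;
    snprintf(e, sizeof e, "!(%s)", cache[a].expr);
    int h = intern(e, &is_new);
    if (is_new) cache[h].bits = ~cache[a].bits & ((1u << NPKT) - 1);
    return h;
}
int h_and(int a, int b) {
    char e[300]; int is_new;
    if (a < 0 || b < 0) return -1;
    snprintf(e, sizeof e, "%s && %s", cache[a].expr, cache[b].expr);
    int h = intern(e, &is_new);
    if (is_new) cache[h].bits = cache[a].bits & cache[b].bits;
    return h;
}
```

Building H1, H2, H3 and then `H2 && !H3` in that order walks the packet list twice, once per distinct `tcp.stream eq N` leaf.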