Wireshark-dev: Re: [Wireshark-dev] Display filter implementation
From: Guy Harris <[email protected]>
Date: Tue, 3 Jul 2012 11:35:14 -0700
On Jul 2, 2012, at 8:12 AM, Lloyd wrote:

> I would like to know more about Wireshark display filters. Is its
> internals are documented? Especially the display filter execution
> virtual machine's instruction set.
> I saw the instructions (Byte code) in the source tree, I would like to
> know more about it, any documentation available?

None other than the source code and whatever comments are in it.

Note that we make no guarantee that any detail of the implementation is fixed and unchanging, so the way it works internally now might not be the way it works internally in the future.  (We should preserve the way it works for users, modulo fixing bugs and making extensions and perhaps dealing better with character encodings.)  I'm not *anticipating* major changes; I'm just saying you shouldn't depend on, for example, the byte code never changing in an incompatible fashion.)