Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Display filter implementation

From: Gilbert Ramirez <gram@xxxxxxxxxxxxxxx>
Date: Wed, 4 Jul 2012 06:20:02 -0700

There is a makefile target called dftest that is used to test the display filter engine. Its dependencies are the minimal set of dependencies you need.

Gilbert

On Jul 4, 2012 3:18 AM, "Lloyd" <lloydkl.tech@xxxxxxxxx> wrote:
On Wed, Jul 4, 2012 at 12:05 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Jul 2, 2012, at 8:12 AM, Lloyd wrote:
>
>> I would like to know more about Wireshark display filters. Is its
>> internals are documented? Especially the display filter execution
>> virtual machine's instruction set.
>>
>> I saw the instructions (Byte code) in the source tree, I would like to
>> know more about it, any documentation available?
>
> None other than the source code and whatever comments are in it.
>
> Note that we make no guarantee that any detail of the implementation is fixed and unchanging, so the way it works internally now might not be the way it works internally in the future.  (We should preserve the way it works for users, modulo fixing bugs and making extensions and perhaps dealing better with character encodings.)  I'm not *anticipating* major changes; I'm just saying you shouldn't depend on, for example, the byte code never changing in an incompatible fashion.)
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Thanks Guy Harris. Would like to know one more thing, is it possible
to build display filter module alone in the Windows environment? If
not in Windows at least in Linux? Does it has complex dependencies?

Thanks,
  Lloyd
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe