Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Taps should not use fd->flags.passed_dfilter (rtp, iax2, flo

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Anders Broman <a.broman@xxxxxxxxxxxx>
Date: Fri, 16 Aug 2013 07:29:17 +0200
Jakub Zawadzki skrev 2013-08-15 14:04:
Hi,

Few GTK taps are using fd->flags.passed_dfilter as information whether
given packet is displayed, this is little broken and might not work as intended.

>From grep:
  ./ui/gtk/rtp_analysis.c
  ./ui/gtk/iax2_analysis.c
  ./ui/gtk/flow_graph.c

flow_graph requres clicking OK to trigger graph_analysis_update() 
so it doesn't change when refiltering 
(but if you close file and click some packet it'll nicely crash :)).


but if you are doing some rtp analysis and do refiltering like:
  frame.number == 1
  ## nothing changes

  frame.number == 2 
  ## only frame #1 shows in stream analysis

  frame
  ## only frame #2 shows in stream analysis

  empty filter
  ## all frames from rtp stream shows up


I don't have any iax2 capture file but it's probably broken like above.

Conversations tap and 'limit to display filter' is implemented properly (gratz!)
Attaching patch based on it.

I'm not doing any rtp analysis, so please advice if it's proper way.
Thanks.

Looks correct to me :-)
Regards
Anders

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube