
Wireshark-dev: Re: [Wireshark-dev] Regarding display filter- how to redesign code to incorporat

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sat, 19 Apr 2014 12:12:35 -0700
On Apr 19, 2014, at 11:58 AM, Ateeth Kumar Thirukkovulur <athirukkovulur@xxxxxx> wrote:

> Not exactly.
> 
> Suppose I want to include a NOT operator in the display filter. Say "! tcp". Which code must I change? I know it already exists. Where do I include the symbols and expressions for newly added terms?
> 
> Do you get what I am saying?

No, not really.

If you mean "how do I support new operators in packet-matching expressions", you'd:

	change epan/dfilter/scanner.l to add the new operator as a lexical-analyzer token;

	change epan/dfilter/grammar.lemon to handle that token as part of the grammar, translating it into new "instructions" in the "display filter virtual machine";

	change epan/dfilter/dfvm.c to support those new "instructions".

If you mean "how do I support some particular *type* of new operators", you'd need to tell us what those new operators are and what semantics they have, so we can indicate what *particular* changes would be needed to those files.
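
The three-stage change described above (scanner token, grammar rule, virtual-machine instruction), modeled as an added toy example that is not part of the original message and is not Wireshark's code. The filter language (protocol names, `&&`, `!`) and every function, token and instruction name are assumptions made for illustration.

```python
import re

# Toy model of the three stages; every name here is hypothetical, not Wireshark's.
TOKEN_RE = re.compile(r"\s*(?:(?P<NOT>!)|(?P<AND>&&)|(?P<NAME>[\w.]+))")
PKT_TCP, PKT_UDP = {"eth", "ip", "tcp"}, {"eth", "ip", "udp"}  # constructed samples

def scan(text):
    """Stage 1, scanner: the new operator '!' becomes its own token."""
    pos, tokens = 0, []
    while text[pos:].strip():
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad character at offset {pos}")
        tokens.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return tokens + [("END", "")]

def compile_filter(text):
    """Stage 2, grammar: expr := unary ('&&' unary)*; unary := '!' unary | NAME."""
    tokens, code = scan(text), []
    def unary(i):
        kind, value = tokens[i]
        if kind == "NOT":
            i = unary(i + 1)
            code.append(("NOT", None))  # the token maps to a new instruction
            return i
        if kind != "NAME":
            raise ValueError(f"expected a protocol name, got {kind}")
        code.append(("EXISTS", value))
        return i + 1
    i = unary(0)
    while tokens[i][0] == "AND":
        i = unary(i + 1)
        code.append(("AND", None))
    if tokens[i][0] != "END":
        raise ValueError(f"unexpected {tokens[i][0]} token")
    return code

def run(code, protocols):
    """Stage 3, VM: a stack machine that needs a case for each instruction."""
    stack = []
    for op, arg in code:
        if op == "EXISTS":
            stack.append(arg in protocols)
        elif op == "NOT":
            stack.append(not stack.pop())
        else:  # AND: both operands are popped; '&' on bools is order-independent
            stack.append(stack.pop() & stack.pop())
    return stack.pop()
```

Removing the `NOT` alternative from any one stage makes `! tcp` fail at that stage, which is why a new operator touches all three places.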