On Nov 8, 2018, at 12:52 AM, Dario Lombardo <lomato@xxxxxxxxx> wrote:
> On Wed, Nov 7, 2018 at 5:39 PM Tomer Bar <tomer.turmanbar@xxxxxxxxx> wrote:
>> i want to expose the validation of the display filter and use it like service?
>> any idea?
>
> Do you want to do it programmatically (I mean you have a C code and you want to link with wireshark in some way) or can you do it running binary tshark?
> If the latter, you can run "tshark -Y FILTER" and check the return code. 2 means error in the filter. You need something more that that, but it may be a starting point.
Or use "dftest FILTER" - redirect its standard output and error to the null device (/dev/null on UN*X or NUL: on Windows), and check the exit status - again, 2 is an error, 0 is no error:
$ build/run/dftest 'not a valid filter' >/dev/null 2>&1
$ echo $?
2
$ build/run/dftest 'ip.addr == 127.0.0.1' >/dev/null 2>&1
$ echo $?
0
