Wireshark-dev: Re: [Wireshark-dev] Its possible to build and run wireshark from IDE
From: Jakub Zawadzki <[email protected]>
Date: Thu, 08 Nov 2018 21:00:38 +0100
Hello Tomer,

W dniu 2018-11-08 10:46, Guy Harris napisał(a):
On Nov 8, 2018, at 12:52 AM, Dario Lombardo <[email protected]> wrote:

On Wed, Nov 7, 2018 at 5:39 PM Tomer Bar <[email protected]> wrote:
i want to expose the validation of the display filter and use it like service?
any idea?
Do you want to do it programmatically (I mean you have a C code and 
you want to link with wireshark in some way) or can you do it running 
binary tshark?
If the latter, you can run "tshark -Y FILTER" and check the return 
code. 2 means error in the filter. You need something more that that, 
but it may be a starting point.
Or use "dftest FILTER" - redirect its standard output and error to the
null device (/dev/null on UN*X or NUL: on Windows), and check the exit
status - again, 2 is an error, 0 is no error:
(...)
if you would like to have JSON output instead you can use sharkd:

$ echo '{"req":"check","filter":"ip.addr == 127.0.0.1"}' | build/run/sharkd - 2>/dev/null
{"err":0,"filter":"ok"}

for HTTP service you can use demo.webshark.io:

$ wget -q -O - 'http://demo.webshark.io/webshark/json?req=check&filter=ip.addr != 127.0.0.1'; echo
{"err":0,"filter":"warn"}

filter JSON key can be also like:
{"err":0,"filter":"\"foobar\" is not a valid hostname or IPv4 address."}
<self:advertisement />