Folks,
Here's a diff which implements a "match selected" command as I
described earlier on this list.
Basically, the idea is as follows: You want to create a display filter
which matches a particular byte pattern at a particular offset in a
packet. Commonly, the byte pattern you want to match is actually
an existing entry/field in the packet. This filtering technique is
used by some testers here.
The "Match Selected" command under the Tools menu allows you to do
this. Basically, you select a packet, go into the tree view and select
an entry in the tree view (at any level). The corresponding bytes get
highlighted below in the data view. Now, you click Tools->Match
Selected. A display filter is created and applied in which all packets
which have the same bytepattern at the same position as you
highlighted, will be accepted in the filter. This technique works only
on Ethernet and FDDI frames (since only these are supported by the BPF
byte offset commands).
I'm facing one problem, though - I can't get the BPF filter command I
generate to appear in the text box. I took the technique in
follow_stream_cb and applied it to my function, but it doesn't
work. Somehow, gtk_object_get_data(GTK_OBJECT(w), ...) returns NULL in
my function but returns the pointer to the edit box widget in other
functions. Can anybody see what I'm doing wrong?
Comments/suggestions?
-Ashok
--
--- Ashok Narayanan ----------------------------------------
IOS Network Protocols, Cisco Systems
250 Apollo Drive, Chelmsford, MA 01824
Ph: 978-244-8387
Attachment:
match_selected.diff
Description: Binary data
