Ethereal-dev: Re: [ethereal-dev] Where are the filtered packets kept?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Fri, 11 Jun 1999 20:52:46 -0500
On Fri, Jun 11, 1999 at 06:52:35PM -0500, Aaron Hillegass wrote:
> 
> 
> The file read in has 344 packets.  The filtered set has 112 packets.  My
> count is 345.  I get the same results if I use cf.plist_first.
> 
> Two questions:
>    Why isn't it 344? (The contexts of the entire file)

Because in file.c we incorrectly use g_list_alloc() to create a list. I
do the same in wiretap. This code was written before good documentation
on GLIB was available. As I learned from http://www.gtk.org/rdp/,
g_list_alloc() simply creates a null node, so the head of our list is
always a node with a null data value. We should just say:

	cf->plist = NULL;

And the first time we append a node to the list, GLIB takes care of
everything. I'm guilty of this in wiretap, and I need to fix it.

>    Where can I get the list of filtered packets? (Which would have a
> count of 112.)

The filtering is done before the packets ever get to you. libpcap or
wiretap, if you're using it, processes the packets with the filter, and
only gives you the packets that pass through the filter. If you are
seeing otherwise, I believe something is wrong in ethereal.
 
> Thanks a bunch,
> Aaron Hillegass
> aaron@xxxxxxxxxxxx

--gilbert
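
The off-by-one described in the reply above, as an added example that is not part of the original message or of Ethereal's code. The `node` type and the `list_*` helpers are stand-ins that model only the GLib behaviour discussed (they are not GLib itself), and `build_and_count` and the packet payload are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for GLib's GList; models only the behaviour discussed above. */
typedef struct node { void *data; struct node *next; } node;

/* Like g_list_alloc(): returns a single node whose data is NULL. */
static node *list_alloc(void) {
    node *n = calloc(1, sizeof *n);
    if (!n) abort();
    return n;
}

/* Like g_list_append(): a NULL head is a valid empty list. */
static node *list_append(node *head, void *data) {
    node *n = list_alloc(), *tail = head;
    n->data = data;
    if (!head) return n;
    while (tail->next) tail = tail->next;
    tail->next = n;
    return head;
}

static size_t list_length(const node *head) {
    size_t len = 0;
    for (; head; head = head->next) len++;
    return len;
}

/* Load npackets packets; report the length and whether the head node is empty. */
size_t build_and_count(size_t npackets, int use_list_alloc, int *head_is_empty) {
    static int packet;  /* constructed sample payload */
    node *plist = use_list_alloc ? list_alloc() : NULL;
    for (size_t i = 0; i < npackets; i++)
        plist = list_append(plist, &packet);
    size_t len = list_length(plist);
    *head_is_empty = (plist != NULL && plist->data == NULL);
    while (plist) { node *next = plist->next; free(plist); plist = next; }
    return len;
}

int main(void) {
    int empty;
    size_t n = build_and_count(344, 1, &empty);
    printf("list_alloc() head: %zu nodes, empty head=%d\n", n, empty);
    n = build_and_count(344, 0, &empty);
    printf("NULL head:         %zu nodes, empty head=%d\n", n, empty);
    return 0;
}
```

Code that walks a list built the first way also has to tolerate a NULL data pointer in the head node before dereferencing it.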