On Wed, Jan 24, 2001 at 02:31:38PM -0600, Frank Singleton wrote:
> Hi,
>
> quick question:
>
> I wanted to add some new FT_ types and browsed proto.[ch]
>
> Is this the only place that needs modifying, or have
> I missed something ?
In the current form, a new FT type would have to be worked in
by modifying proto.c, dfilter.c, dfilter-scanner.l and
dfilter-grammar.y.
You might want to wait on updating all those. I've been working
on some major changes to both the FT_* type system and the
display filter code. The FT_* types are modularized and moved
into a separate directory under epan, and the display filter
code is re-written to be a lot cleaner, simpler, and modifiable.
I've sent a code drop of these changes only to Ed Warnicke, since
he recently proposed and implemented dranges for the dfilter system.
I would have to work his drange code into this new dfilter re-write.
You can see a tarball of the work in progress at:
http://www.xiexie.org/ethereal/ethereal-20010123.tar.gz
In that code, tethereal works with the new dfilter stuff, but
ethereal doesn't yet. Also, there is a new exectuable called
"dftest" which accepts a display filter on the command line and
prints out the bytecode for that display filter. In the new
system, display filters are tokenized into byte code, much like
BPF programs in libpcap, but the dfilter operands are higher-level
operations.
In the above tarball, comparison testing (==, !=, etc) works only
for integers, booleans, and ipv4 addresses. I have to implement
the rest still. Checking for the existence of fields/protocols
works, as do logical operations (and, or, not).
Once this new FT_* system is in place, adding a new "ftype"
will be a whole lot easier.
--gilbert
