On Thu, Jan 11, 2001 at 09:12:14AM +0100, Hesmert Albrecht ICM N MC MI SI 1 wrote:
> I don't know it either. I do use filtering very often.
> When I get the message 'cannot parse filter string' I am never shure
> whether I did a typo or I used the wrong syntax. May be you could
> add some hint to this error message, e.g. the position in the string
> where the parsing failed (like when you enter wrong strings in nawk)
Unfortunately, to do that for capture filter errors, that'd require
changing the parser - which isn't part of Ethereal. (I'm also one of
the contributors to tcpdump.org, so I could do that, but it'd require
installing a new version of libpcap.)
> I think a similar syntax for both filters would be very useful for
> novice users (although experiencecd users might be confused by the change)
My intent is to have Ethereal attempt to parse the capture filter with
its own parser and then:
if that succeeds, generate a libpcap-style filter and have
libpcap parse that;
if that fails, pass the filter directly to libpcap;
so that the old syntax would continue to work (except for cases where
the expression could be interpreted either as an old-style or new-style
expression, but I suspect that in those cases where it could be so
interpreted, it'd mean the same thing in both cases, e.g. "tcp" would
capture only TCP frames).
