Ethereal-users: Re: [Ethereal-users] Parse error in filter screen.. ?
On Thu, Jan 25, 2001 at 02:22:38PM +0800, Visser, Martin (SNO) wrote:
> Maybe when someone gets a chance we should look at changing the "Filter"
> button to actually understand the context it is in
The underlying code, at least at the top of the CVS tree, *does*
understand that - depending on the context, the "Filter" button either
causes "capture_filter_construct_cb()" or
"display_filter_construct_cb()" to be called.
However:
> and either "dim out" the
> wrong filter type , save display /capture filters with a different flag, or
> even convert between the two (where possible)
the file in which filters are stored currently doesn't distinguish
between capture and display filters; the file just has lines consisting
of a quoted string containing the filer name and a list of tokens that
make up the filter expression.
I.e., the problem isn't with the filter dialog box code understanding
the context, it's with Ethereal simply not distinguishing, in the filter
list, between capture and display filters.
Were we to distinguish between them, we'd probably want to have two
separate files.
Note, though, that
1) tcpdump supports a "-F" flag, giving the name of a file
containing a filter expression;
2) Network Monitor, in a surprisingly UNIXy move from Microsoft
:-), stores filters as individual files in two separate
directories, one for capture filters and one for display
filters;
which suggests that we might want to think about doing it the way NetMon
does (which won't get in the way of giving filters names with spaces in
them, it'd just get in the way of conveniently handing them, if they're
capture filters, to "tcpdump"; it *would*, however, get in the way of
giving the name "TCP/UDP" to a filter that does "tcp && udp" - you can't
do the equivalent in NetMon either, of course, as "/" as well as "\" are
disallowed in Windows file names).
