Wireshark · Ethereal-users: Re: [Ethereal-users] How to use/access the display filter functions of ethereal from outside?

Ethereal-users: Re: [Ethereal-users] How to use/access the display filter functions of ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Mon, 25 Jul 2005 11:18:51 -0700

Michel Hautle wrote:

can someone tell me how I can access the display filter functions of
ethereal from the outside? Is there somewhere a documentation which
describes the functions of each library (the name of the function, its
parameters and a little example, ...)?

No - there's no documentation for libethereal (and such documentationcould be viewed as a commitment on our part not to change the APIs, butI, at least, am not ready to make such a commitment).

Or can someone tell me how I might
access the display filter functions from outside?

dfilter_compile() takes a string containing a display filter expressionand a pointer to a "dfilter_t *" (a pointer to a pointer) as arguments,and either:


	returns TRUE and sets that pointer to point to the compiled display filter

or

returns FALSE and sets the global variable "dfilter_error_msg" to pointto a string describing what's wrong with the display filter expression.


(Speaking of API changes, it might make more sense either to

	1) return NULL on success and an error message string on failure

or

2) return the compiled filter pointer on success and NULL on error, andperhaps return the error message through another argument, although thatmight require a bit more internal work so that the parser and lexicalanalyzer have access to a non-global (per-parse) structure into which toput the error message.)

Before running epan_dissect_run() on an epan_dissect_t, callepan_dissect_prime_dfilter() on the epan_dissect_t, supplying thepointer to the dfilter_t. After epan_dissect_run() has finished, calldfilter_apply_edt(), passing it the dfilter_t pointer and theepan_dissect_t pointer; it returns TRUE if the filter passes and FALSEif it doesn't.


Call dfilter_free() when you're done with the filter.

I'm asking because I'd like to use the display filter of ethereal in java
(which should be possible? ->
http://www.eclipse-plugins.info/eclipse/plugin_details.jsp?id=862 ).

Eclipse is an IDE, right? It seems odd to plug a protocol analyzer intoan IDE, unless Eclipse isn't really an IDE, but is more like an entireuniverse/shell, along the lines of GNU EMACS ("the LISP machine thatpretends it's a text editor" :-)).

References:
- [Ethereal-users] How to use/access the display filter functions of ethereal from outside?
  - From: Michel Hautle

Prev by Date: Re: [Ethereal-users] Invalid ICMP Checksum
Next by Date: Re: [Ethereal-users] How do I listen to my dial-up connection?
Previous by thread: [Ethereal-users] How to use/access the display filter functions of ethereal from outside?
Next by thread: [Ethereal-users] Errormessage in ethereal
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$