Wireshark · Wireshark-dev: Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?

Wireshark-dev: Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?

From: "Luis EG Ontanon" <luis.ontanon@xxxxxxxxx>

Date: Mon, 30 Jul 2007 15:21:23 +0200

Where in gtk/*.c a packet gets selected?


On 7/25/07, Luis EG Ontanon <luis.ontanon@xxxxxxxxx> wrote:
> On 7/25/07, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
> > Luis EG Ontanon schrieb:
> > > On 7/25/07, Luis EG Ontanon <luis.ontanon@xxxxxxxxx> wrote:
> > >
> > >> If we consider this dynamic condition that a filter can be correct or
> > >> incorrect depending on when it is compiled this is feasable (and a
> > >> nice feature too!)...
> > >>
> > >
> > > One last thing I will have to redissect the selected frame each time a
> > > the filter is entered...
> > >
> > > how do I do that?
> > >
> > Without having a look at the code: I would think that's done mostly the
> > same way when a packet is selected in the packet list today.
> >
> > But do you really have to redissect the packet? The protocol tree for
> > the selected packet is already existing, so scanning the filter string
> > for the field names and replacing them with the current values might
> > simply work, but I'm probably too optimistic here ;-)
>
> Yes you are optimistic... "the tree" would belong to the last
> dissected packet... which often is the selected one but there are
> cases (e.g. live capture) where "the tree" is not the one of the
> selected frame.
>
> However I thought that what I have to do is to "cache" the represented
> strings when the packet is selected and somehow pass that cache to the
> dfmacro engine.
>
> I think these "dynamic-macros" will be $[field.name] using '['
> instead of '{'  for these will make everything much simpler.
>
>
> > Regards, ULFL
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
>


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Follow-Ups:
- Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?
  - From: Luis EG Ontanon

References:
- [Wireshark-dev] Display Filter Macros of currently selected packet fields?
  - From: Ulf Lamping
- Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?
  - From: Luis EG Ontanon
- Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?
  - From: Luis EG Ontanon
- Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?
  - From: Luis EG Ontanon
- Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?
  - From: Ulf Lamping
- Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?
  - From: Luis EG Ontanon

Prev by Date: [Wireshark-dev] review_for_checkin granted: [Bug 1712] Add 'application/json' to list of text media types
Next by Date: Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?
Previous by thread: Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?
Next by thread: Re: [Wireshark-dev] Display Filter Macros of currently selected packet fields?
Index(es):
- Date
- Thread