Ethereal-dev: [ethereal-dev] Problems with display filtering

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Wed, 26 Jul 2000 14:23:27 +0900

Hi,

There is, in my view, a big problem with display filtering.

Display filters are of the form:

  arp.hw.type == 1

But the hw.type bears little relationship to the field displayed in the
tree view, which is "Hardware type".

A user has to look in the man page, or the source, to figure out what the
field name is, and dissector writers have to update the documentation when
they add new fields, or no one will know about them.

This is a very poor situation.

I can think of a couple of ways around this:

1. Add code that allows users to find the mapping between field names and
the name in the tree view. Such information is available in the
registration table that a dissector provides to allow filtering.

2. Add code so that filtering can be done at run time based on the tree
view names.  This will mean that the parser will be more difficult, I suspect.


Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba