Ethereal-dev: Re: [ethereal-dev] Problems with display filtering

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Tue, 25 Jul 2000 20:55:59 -0700

On Wed, Jul 26, 2000 at 02:23:27PM +0900, Richard Sharpe wrote:
> There is, in my view, a big problem with display filtering.
> 
> Display filters are of the form:
> 
>   arp.hw.type == 1
> 
> But the hw.type bears little relationship with the field displayed in the
> tree view, which is "Hardware type".

Another problem is that "1" means nothing to somebody who hasn't
memorized the ARP spec; it'd be nice to be able to filter on "enumerated
data type" fields, such as "arp.hw.type", using either a numerical value
*or* a name from the "value_string" table associated with that field,
e.g.

	arp.hw.type == {Experimental Ethernet}

or

	arp.hw.type == "Experimental Ethernet"

(Yes, I know, 1 is Ethernet, not Xerox's old 16-bit-address 3Mb
Ethernet, but "Ethernet" is one word and "Experimental Ethernet" is 2,
and I needed an example that required some way of enclosing the name.)

> 1. Add code that allows users to find the mapping between field names and
> the name in the tree view.

E.g., a GUI for constructing filter expressions, such as Network Monitor
has.

I'd vote for that.

> 2. Add code so that filtering can be done at run time based on the tree
> view names.  This will mean that the parser will be more difficult, I suspect.

And there's the risk that more than one field may have the same tree
view name, which, at best, would require even more parser work to figure
out, from context, what the user meant (and, at worst, renders the
expression intrinsically ambiguous if there's no amount of context
sufficient to distinguish between them).
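
The two points raised in this message, as an added sketch that is not part of the original post and not Ethereal's code: resolving a filter operand given as a number, a "quoted name" or a {braced name} against a field's value/name table, and detecting when a tree-view label maps to more than one field. The struct layouts, function names, the `otherproto.*` fields and the sample tables are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for a dissector's value/name table and field registry. */
struct val_name { unsigned long value; const char *name; };
struct field { const char *abbrev; const char *label; };
/* Constructed samples: three ARP hardware types; the "otherproto" fields are made up. */
static const struct val_name arp_hw_vals[] = {
    { 1, "Ethernet" }, { 2, "Experimental Ethernet" }, { 6, "IEEE 802" }, { 0, NULL }
};
static const struct field fields[] = {
    { "arp.hw.type", "Hardware type" }, { "otherproto.hw.type", "Hardware type" },
    { "otherproto.length", "Length" }, { NULL, NULL }
};

/* Resolve a number, "quoted name" or {braced name}; 0 on success, -1 otherwise. */
int resolve_operand(const struct val_name *tab, const char *tok, unsigned long *out)
{
    size_t len = strlen(tok);
    if (len >= 2 && ((tok[0] == '"' && tok[len - 1] == '"') ||
                     (tok[0] == '{' && tok[len - 1] == '}'))) {
        for (; tab->name != NULL; tab++)
            if (strlen(tab->name) == len - 2 && !strncmp(tab->name, tok + 1, len - 2)) {
                *out = tab->value;
                return 0;
            }
        return -1;  /* name is not in this field's table */
    }
    /* Bare words and mismatched delimiters are rejected; decimal digits only. */
    if (len == 0 || tok[strspn(tok, "0123456789")] != '\0') return -1;
    *out = strtoul(tok, NULL, 10);
    return 0;
}

/* Count fields sharing a tree-view label; more than one means the label is ambiguous. */
int count_fields_for_label(const struct field *reg, const char *label)
{
    int n = 0;
    for (; reg->abbrev != NULL; reg++)
        if (strcmp(reg->label, label) == 0) n++;
    return n;
}

int main(void)
{
    unsigned long v = 0;
    int rc = resolve_operand(arp_hw_vals, "{Experimental Ethernet}", &v);
    printf("rc=%d value=%lu; \"Hardware type\" names %d fields\n",
           rc, v, count_fields_for_label(fields, "Hardware type"));
    return 0;
}
```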