Wireshark-dev: Re: [Wireshark-dev] Its possible to build and run wireshark from IDE
Hello Tomer,
W dniu 2018-11-08 10:46, Guy Harris napisał(a):
On Nov 8, 2018, at 12:52 AM, Dario Lombardo <lomato@xxxxxxxxx> wrote:
On Wed, Nov 7, 2018 at 5:39 PM Tomer Bar <tomer.turmanbar@xxxxxxxxx>
wrote:
i want to expose the validation of the display filter and use it like
service?
any idea?
Do you want to do it programmatically (I mean you have a C code and
you want to link with wireshark in some way) or can you do it running
binary tshark?
If the latter, you can run "tshark -Y FILTER" and check the return
code. 2 means error in the filter. You need something more that that,
but it may be a starting point.
Or use "dftest FILTER" - redirect its standard output and error to the
null device (/dev/null on UN*X or NUL: on Windows), and check the exit
status - again, 2 is an error, 0 is no error:
(...)
if you would like to have JSON output instead you can use sharkd:
$ echo '{"req":"check","filter":"ip.addr == 127.0.0.1"}' |
build/run/sharkd - 2>/dev/null
{"err":0,"filter":"ok"}
for HTTP service you can use demo.webshark.io:
$ wget -q -O -
'http://demo.webshark.io/webshark/json?req=check&filter=ip.addr !=
127.0.0.1'; echo
{"err":0,"filter":"warn"}
filter JSON key can be also like:
{"err":0,"filter":"\"foobar\" is not a valid hostname or IPv4
address."}
<self:advertisement />