Wireshark-dev: Re: [Wireshark-dev] Its possible to build and run wireshark from IDE
From: Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>
Date: Thu, 08 Nov 2018 21:00:38 +0100
Hello Tomer,

W dniu 2018-11-08 10:46, Guy Harris napisał(a):
On Nov 8, 2018, at 12:52 AM, Dario Lombardo <lomato@xxxxxxxxx> wrote:

On Wed, Nov 7, 2018 at 5:39 PM Tomer Bar <tomer.turmanbar@xxxxxxxxx> wrote:
i want to expose the validation of the display filter and use it like service?
any idea?

Do you want to do it programmatically (I mean you have a C code and you want to link with wireshark in some way) or can you do it running binary tshark? If the latter, you can run "tshark -Y FILTER" and check the return code. 2 means error in the filter. You need something more that that, but it may be a starting point.

Or use "dftest FILTER" - redirect its standard output and error to the
null device (/dev/null on UN*X or NUL: on Windows), and check the exit
status - again, 2 is an error, 0 is no error:
(...)

if you would like to have JSON output instead you can use sharkd:

$ echo '{"req":"check","filter":"ip.addr == 127.0.0.1"}' | build/run/sharkd - 2>/dev/null
{"err":0,"filter":"ok"}

for HTTP service you can use demo.webshark.io:

$ wget -q -O - 'http://demo.webshark.io/webshark/json?req=check&filter=ip.addr != 127.0.0.1'; echo
{"err":0,"filter":"warn"}

filter JSON key can be also like:
{"err":0,"filter":"\"foobar\" is not a valid hostname or IPv4 address."}

<self:advertisement />