Committed revision 21746. >Is there a way to filter on a computed value without adding a field for the >computed value? This isn't something I've ever needed to do with Wireshark >before.
To be able to use the "normal" filters it need to be added with proto..() It does not have to be visible in the three though it can be added with proto_..hidden() but this use is discouraged as no one will find the filter :) You can also mark an item as generated by using PROTO_ITEM_SET_GENERATED() >Are there any dissectors that allow a list of ports to be specified in the >prefs. that I could use a model for the netflow prefs.? See packet-tcap.c for the range field. Regards Anders -----Ursprungligt meddelande----- Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] För Andrew Feren Skickat: den 10 maj 2007 23:53 Till: [email protected] Ämne: [Wireshark-dev] netflow patch and questions This patch collapses start and end time for each flow to a single duration item. The duration item can, of course, be expanded to display the start and end time. This started because I needed to write a filter like the following: (cflow.timeend - cflow.timestart) > 1800 Is there a way to filter on a computed value without adding a field for the computed value? This isn't something I've ever needed to do with Wireshark before. While I was creating this patch I thought of something else I'd like to fix. It would be nice if the netflow dissector could be configured to dissect packets sent on a list of ports. Currently the cflow (aka netflow) prefs. allow one port # to be changed. The netflow dissector also defines an IPFIX port that can't be changed from prefs. Are there any dissectors that allow a list of ports to be specified in the prefs. that I could use a model for the netflow prefs.? I poked aroud a little, but didn't see anything obvious. -Andrew -Andrew Feren [EMAIL PROTECTED] _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
