I agree. They look the same function, except for the limit about types. They look a bit confusing at a first glance. Unless they're needed for something, I'd remove one.
On Mon, Jan 7, 2019 at 2:14 PM Peter Wu <pe...@lekensteyn.nl> wrote: > The online manual reflects 2.6.5, but the manual was updated in master, > https://code.wireshark.org/review/27146 > > Perhaps size should be removed (as argued in that commit message)? > > Kind regards, > Peter > > On Sun, Jan 06, 2019 at 02:20:22PM +0000, Michael Mann via Wireshark-dev > wrote: > > len - Checks the string length of "string types" (FT_STRING, FT_STRINGZ, > FT_UINT_STRING, FT_STRINGZPAD) or array length of "byte types" (FT_BYTES, > FT_UINT_BYTES) and does a compare. > > Examples:len(smpp.message_id) > 10len(smpp.message) > 25 > > size - Checks the size of the field in a packet. Can be used for > strings/bytes like len() above, but can also be used for integer fields > that vary in length (1-4 bytes) > > Examples:size(eth.type) == 2 (This is just for demonstration > purposes. Obviously the size of the eth.type field could only be 2 but I > couldn't quickly think of a "popular" field with varying integer length) > > size(tcp.options) > 7 > > > > count - Number of times a field is found in a single frame. This can be > used to help identify "tunneling" or if multiple PDUs are in a single frame. > > Examples:count(ip.src) > 1 > > count(smpp.sequence_number) > 1 (Since sequence_number is required > for the packet, having more than one shows frames with multiple PDUs. > > > > > > -----Original Message----- > > From: Dario Lombardo <lom...@gmail.com> > > To: Developer support list for Wireshark <wireshark-dev@wireshark.org> > > Sent: Sun, Jan 6, 2019 4:35 am > > Subject: [Wireshark-dev] dfilter functions > > > > HiI've noticed that the online documentation about dfilter functions > just talks about 2 of them, upper and lower: > > https://www.wireshark.org/docs/man-pages/wireshark-filter.html > > but there are more that are undocumented AFAICS: > > - len- size- count > > Can someone explain me their purpose and give a working example on some > protocol?Thanks.Dario. > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe -- Naima is online.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
