Revision history [back]
How to filter by item?
I developed a proprietary dissector and a packet contains several messages.
proto_body = proto_register_protocol("Body", "BODY", "body");
For each message, I add:
proto_item *ti_body = proto_tree_add_item(tree, proto_body, tvb, HEADER_SIZE, length-4, ENC_NA);
proto_tree *tree_body = proto_item_add_subtree(ti_body, ett_body);
Nevertheless, when I filter, it filters what a packet contain.
If each message has a name and family fields, doing body.name==alex and body.family==human
, it will filter all the packets containing these 2 conditions, but not in the same item.
Let's say it would accept a packet with 2 messages:
[0]
name=marcus
family=human --> condition OK
[1]
name=alex
family=cat --> condition OK
But I want it to filter only if the conditions are true in a single message.
[0]
name=alex --> condition OK
family=cat --> condition OK
Regards,
How to filter by item?
I developed a proprietary dissector and a packet contains several messages.
proto_body = proto_register_protocol("Body", "BODY", "body");
For each message, I add:
proto_item *ti_body = proto_tree_add_item(tree, proto_body, tvb, HEADER_SIZE, length-4, ENC_NA);
proto_tree *tree_body = proto_item_add_subtree(ti_body, ett_body);
Nevertheless, when I filter, it filters what a packet contain.
If each message has a name and family fields, doing body.name==alex
, it will filter all the packets containing these 2 conditions, but not in the same item.and && body.family==human
Let's say it would accept a packet with 2 messages:
[0]
name=marcus
family=human --> condition OK
[1]
name=alex
family=cat --> condition OK
But I want it to filter only if the conditions are true in a single message.
[0]
name=alex --> condition OK
family=cat --> condition OK
Regards,