Ethereal: Re: [ethereal-dev] 0.7.7: Problems filtering ip.addr with

Ethereal-dev: November 1999

Subject: Re: [ethereal-dev] 0.7.7: Problems filtering ip.addr with < or > operators
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Mon, 1 Nov 1999 22:39:14 -0800

> > I have recently been thinking about how to represent subnets within
> > the display filter routines, so that something like:
> > 
> >       ip.addr ne 192.168.1.0/24
> > 
> > would match a packet with either IP address not on your Class-C subnet.
> > 
> > Would that be a viable solution?
> >
> Sure, although I can certainly imagine cases where filtering with
> relational operators is still nice (e.g. some clusters which are not
> grouped together in a subnet).

Hmm.

All of:

	ip.addr ne 192.168.1.0/24

	ip.addr < 192.168.1.1

require that relational operators mean something special for IP
addresses.

In addition, capture filters also, if you do

	ip addr hello.sailor.com

don't do a simple comparison - that filter compares the source and
destination address against *all* the IP addresses of
"hello.sailor.com", if there's more than one IP address associated with
that name.

We might want to do that with display filters as well.

Given that, perhaps IP addresses should have their own
"check_relation_XXX()" routine, that

	1) handles equality/inequality comparisons against network
	   addresses such as "192.168.1.0/24";

	2) handles order comparisons by doing them with values in the
	   right byte order;

	3) handles equality/inequality comparisons against lists of IP
	   addresses.

Prev by Date: [ethereal-dev] Ethereal mirror at boehm.org
Next by Date: [ethereal-dev] ethereal-0.7.7 - hangs in recvfrom() on RH6.1
Previous by thread: [ethereal-dev] Ethereal mirror at boehm.org
Next by thread: [ethereal-dev] ethereal-0.7.7 - hangs in recvfrom() on RH6.1
Index(es):
- Date
- Thread

Ethereal

Re: [ethereal-dev] 0.7.7: Problems filtering ip.addr with < or > operators

Ethereal-dev: November 1999