diff options
| author | João Valverde <j@v6e.pt> | 2023-10-30 18:28:08 +0000 |
|---|---|---|
| committer | João Valverde <j@v6e.pt> | 2023-10-31 08:50:54 +0000 |
| commit | 49f39be301c2c21c760cb5496083ae3e8d534013 (patch) | |
| tree | becc76cc4a3365e97e74abca0e546f1d6f875a4c /doc | |
| parent | 96f0f487d7b05c85170234b3f71c848cc334c243 (diff) | |
dfilter: Add IP address plugin
Add a display filter plugin with functions to test IP addresses.
This extends the display filter features with some more specialized
functions and serves as an example on how to write a display
filter plugin.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/release-notes.adoc | 3 | ||||
| -rw-r--r-- | doc/wireshark-filter.adoc | 14 |
2 files changed, 17 insertions, 0 deletions
diff --git a/doc/release-notes.adoc b/doc/release-notes.adoc index ca6b00fbf8..7a1ad16f05 100644 --- a/doc/release-notes.adoc +++ b/doc/release-notes.adoc @@ -64,6 +64,9 @@ The following features are new (or have been significantly updated) since versio ** Display filter references can be written without curly braces. It is now possible to write `$frame.number` instead of `${frame.number}` for example. + ** Added new display filter functions to test various IP address properties. + Check the wireshark-filter(5) manpage for more information. + * Display filter autocompletions now also include display filter functions. //=== Removed Features and Support diff --git a/doc/wireshark-filter.adoc b/doc/wireshark-filter.adoc index cd10622a02..69b3d86e87 100644 --- a/doc/wireshark-filter.adoc +++ b/doc/wireshark-filter.adoc @@ -160,6 +160,20 @@ gives you all the odd packets. max() and min() take any number of arguments and returns one value, respectively the largest/smallest. The arguments must all have the same type. +There is also a set of functions to test IP addresses: + + ip_special_name(ip) - Returns the IP special-purpose block name as a string + ip_special_mask(ip) - Returns the IP special-purpose block flags as a mask. The bits are: + 4 3 2 1 0 + --------- + S D F G R + S = source, D = Destination, F = Forwardable, G = Globally-reachable, R = Reserved-by-protocol + + ip_linklocal(ip) - true if the IPv4 or IPv6 address is link-local + ip_multicast(ip) - true if the IPv4 or IPv6 address is multicast + ip_rfc1918(ipv4) - true if the IPv4 address is private-use (from the allocation in RFC 1918) + ip_ula(ipv6) - true if the IPv6 address is unique-local (ULA) as in RFC 4193 + === Protocol field types Each protocol field is typed. The types are: |