2 files changed, 54 insertions, 5 deletions

diff --git a/epan/follow.c b/epan/follow.c
index 4e26a5bad7..ed930c12b4 100644
--- a/epan/follow.c
+++ b/epan/follow.c
@@ -58,7 +58,7 @@ FILE* data_out_file = NULL;
 gboolean empty_tcp_stream;
 gboolean incomplete_tcp_stream;
 
-static guint32 tcp_stream_to_follow;
+static guint32 tcp_stream_to_follow = 0;
 static guint8  ip_address[2][MAX_IPADDR_LEN];
 static guint   port[2];
 static guint   bytes_written[2];
@@ -80,12 +80,12 @@ follow_stats(follow_stats_t* stats)
 	}
 }
 
-/* this will build libpcap filter text that will only
+/* This will build a display filter text that will only
    pass the packets related to the stream. There is a
    chance that two streams could intersect, but not a
    very good one */
-char*
-build_follow_filter( packet_info *pi ) {
+gchar*
+build_follow_conv_filter( packet_info *pi ) {
   char* buf;
   int len;
   conversation_t *conv=NULL;
@@ -148,6 +148,15 @@ static gboolean         find_tcp_addr;
 static address          tcp_addr[2];
 static gboolean         find_tcp_index;
 
+gchar*
+build_follow_index_filter(void) {
+  gchar *buf;
+
+  find_tcp_addr = TRUE;
+  buf = g_strdup_printf("tcp.stream eq %d", tcp_stream_to_follow);
+  return buf;
+}
+
 /* select a tcp stream to follow via it's address/port pairs */
 gboolean
 follow_tcp_addr(const address *addr0, guint port0,
@@ -192,6 +201,10 @@ follow_tcp_index(guint32 indx)
     return FALSE;
   }
 
+  if (indx > get_tcp_stream_count()) {
+    return FALSE;
+  }
+
   find_tcp_addr = TRUE;
   tcp_stream_to_follow = indx;
   memset(ip_address, 0, sizeof ip_address);
@@ -200,6 +213,11 @@ follow_tcp_index(guint32 indx)
   return TRUE;
 }
 
+guint32
+get_follow_tcp_index(void) {
+  return tcp_stream_to_follow;
+}
+
 /* here we are going to try and reconstruct the data portion of a TCP
    session. We will try and handle duplicates, TCP fragments, and out
    of order packets in a smart way. */
diff --git a/epan/follow.h b/epan/follow.h
index cd92221aa5..b1e02dbcad 100644
--- a/epan/follow.h
+++ b/epan/follow.h
@@ -46,12 +46,43 @@ typedef struct _tcp_stream_chunk {
   guint32     dlen;
 } tcp_stream_chunk;
 
+/** Build a follow filter based on the current packet's conversation.
+ *
+ * @param packet_info[in] The current packet.
+ * @return A filter that specifies the conversation. Must be g_free()d
+ * the caller.
+ */
+WS_DLL_PUBLIC
+gchar* build_follow_conv_filter( packet_info * );
+
+/** Build a follow filter based on the current TCP stream index.
+ * follow_tcp_index() must be called prior to calling this.
+ *
+ * @return A filter that specifies the current stream. Must be g_free()d
+ * the caller.
+ */
 WS_DLL_PUBLIC
-char* build_follow_filter( packet_info * );
+gchar* build_follow_index_filter(void);
+
 WS_DLL_PUBLIC
 gboolean follow_tcp_addr( const address *, guint, const address *, guint );
+
+/** Select a TCP stream to follow via its index.
+ *
+ * @param addr[in] The stream index to follow.
+ * @return TRUE on success, FALSE on failure.
+ */
 WS_DLL_PUBLIC
 gboolean follow_tcp_index( guint32 );
+
+/** Get the current TCP index being followed.
+ *
+ * @return The current TCP index. The behavior is undefined
+ * if no TCP stream is being followed.
+ */
+WS_DLL_PUBLIC
+guint32 get_follow_tcp_index(void);
+
 void reassemble_tcp( guint32, guint32, guint32, guint32, const char*, guint32,
                      int, address *, address *, guint, guint );
 WS_DLL_PUBLIC