forked from osmocom/wireshark
80322d88da
Added a new relational test: 'x in {a b c}'. The only LHS entity supported at this time is a field. The generated DFVM operations are equivalent to an OR'ed series of =='s, but with the redundant existence tests removed. Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a Reviewed-on: https://code.wireshark.org/review/10246 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
18 lines
701 B
Text
18 lines
701 B
Text
"Ethernet address 00:00:5e:00:53:00" eth.addr == 00:00:5e:00:53:00
|
|
"Ethernet type 0x0806 (ARP)" eth.type == 0x0806
|
|
"Ethernet broadcast" eth.addr == ff:ff:ff:ff:ff:ff
|
|
"No ARP" not arp
|
|
"IPv4 only" ip
|
|
"IPv4 address 192.0.2.1" ip.addr == 192.0.2.1
|
|
"IPv4 address isn't 192.0.2.1 (don't use != for this!)" !(ip.addr == 192.0.2.1)
|
|
"IPv6 only" ipv6
|
|
"IPv6 address 2001:db8::1" ipv6.addr == 2001:db8::1
|
|
"IPX only" ipx
|
|
"TCP only" tcp
|
|
"UDP only" udp
|
|
"Non-DNS" !(udp.port == 53 || tcp.port == 53)
|
|
"TCP or UDP port is 80 (HTTP)" tcp.port == 80 || udp.port == 80
|
|
"HTTP" http
|
|
"No ARP and no DNS" not arp and !(udp.port == 53)
|
|
"Non-HTTP and non-SMTP to/from 192.0.2.1" ip.addr == 192.0.2.1 and not tcp.port in {80 25}
|