Revision history

Revision 1: initial version

A "vintage" answer from 2012.

There is the dftest command for testing display filters.

Shell script to make a long test filter.

#!/bin/sh

# chuckc - Fri Apr 24 14:53:58 CDT 2020
# Make a very long display filter

echo "(ip or tcp or udp or"

INDEX=0
while [ $INDEX -lt 1000 ]
do
echo "frame contains \"$INDEX data: 123456789abcdefghijklmnopqrstuvwxyz\" or"
    INDEX=`expr $INDEX + 1`
done

echo "frame contains \"$INDEX EOF: 123456789abcdefghijklmnopqrstuvwxyz\")"

Save output to a file then read into dftest:

$ ./make_dfilter_long > dfilter.long
$ dftest `cat ./dfilter.long` | tail -10
04000 ANY_CONTAINS      reg#0 contains reg#999
04001 IF-TRUE-GOTO      4009
04002 READ_TREE         frame -> reg#0
04003 IF-FALSE-GOTO     4009
04004 ANY_CONTAINS      reg#0 contains reg#1000
04005 IF-TRUE-GOTO      4009
04006 READ_TREE         frame -> reg#0
04007 IF-FALSE-GOTO     4009
04008 ANY_CONTAINS      reg#0 contains reg#1001
04009 RETURN
$

A "vintage" answer from 2012.

There is the dftest command for testing display filters.

Shell script to make a long test filter.

#!/bin/sh

# chuckc - Fri Apr 24 14:53:58 CDT 2020
# Make a very long display filter

echo -n "(ip or tcp or udp or "

INDEX=0
while [ $INDEX -lt 1000 ]
do
    echo -n "frame contains \"$INDEX data: 123456789abcdefghijklmnopqrstuvwxyz\" or "
    INDEX=`expr $INDEX + 1`
done

echo "frame contains \"$INDEX EOF: 123456789abcdefghijklmnopqrstuvwxyz\")"

Save output to a file then read into dftest:

$ ./make_dfilter_long > dfilter.long
$ dftest `cat ./dfilter.long` | tail -10
04000 ANY_CONTAINS      reg#0 contains reg#999
04001 IF-TRUE-GOTO      4009
04002 READ_TREE         frame -> reg#0
04003 IF-FALSE-GOTO     4009
04004 ANY_CONTAINS      reg#0 contains reg#1000
04005 IF-TRUE-GOTO      4009
04006 READ_TREE         frame -> reg#0
04007 IF-FALSE-GOTO     4009
04008 ANY_CONTAINS      reg#0 contains reg#1001
04009 RETURN
$
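
The check this answer performs by eye, as an added example that is not part of the original post: it builds an N-term filter on one line, compiles it with dftest, and confirms that one ANY_CONTAINS instruction was emitted per "frame contains" term, so a truncated or partly parsed filter is detected. The function names are hypothetical, and the script assumes dftest accepts the filter as a single argument and prints one instruction per line in the format shown above.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# make_filter N: print a one-line display filter with N "frame contains" terms.
make_filter() {
    n=$1
    i=0
    printf '(ip or tcp or udp'
    while [ "$i" -lt "$n" ]; do
        printf ' or frame contains "%s data: 123456789abcdefghijklmnopqrstuvwxyz"' "$i"
        i=$((i + 1))
    done
    printf ')\n'
}

# count_terms: count "frame contains" terms in the filter text read from stdin.
count_terms() {
    awk '{ n += gsub(/frame contains/, "&") } END { print n + 0 }'
}

# count_contains: count ANY_CONTAINS instructions in dftest output on stdin.
# Assumes the "<address> <opcode> <operands>" layout shown in the answer.
count_contains() {
    awk '$2 == "ANY_CONTAINS" { c++ } END { print c + 0 }'
}

# check_filter N: compile an N-term filter and compare compiled vs. written terms.
# Returns 0 on match, 1 on mismatch, 2 if dftest is not installed.
check_filter() {
    filter=$(make_filter "$1")
    want=$(printf '%s\n' "$filter" | count_terms)
    if ! command -v dftest >/dev/null 2>&1; then
        echo "dftest not found; filter is ${#filter} bytes, $want terms" >&2
        return 2
    fi
    got=$(dftest "$filter" 2>/dev/null | count_contains)
    if [ "$got" -ne "$want" ]; then
        echo "mismatch: $got of $want terms compiled" >&2
        return 1
    fi
    echo "ok: $want terms compiled, ${#filter} bytes"
}

# Run the check only when a term count is given on the command line.
if [ "$#" -gt 0 ]; then
    check_filter "$1"
fi
```

Saved under any name and run with `1000` as its argument, it repeats the test above with an explicit pass or fail result.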