PcapFileEx.DisplayFilter (pcap_file_ex v0.5.5)

View Source

Wireshark-style display filters for PcapFileEx.

Supports boolean expressions with comparison operators over packet metadata and decoded payloads.

PcapFileEx.stream("sample.pcapng")
|> PcapFileEx.DisplayFilter.filter("ip.src == 127.0.0.1 && tcp.srcport == 8899")
|> Enum.to_list()

Supports standard fields like ip.src, ip.dst, tcp.srcport, tcp.dstport, udp.srcport, udp.dstport, and others.

Summary

Types

compiled_filter()

Functions

compile(expression)

Compiles a display filter expression into a function that accepts a %Packet{}.

filter(enumerable, expression)

Applies a display filter expression inline in a pipeline.

run(enumerable, fun)

Applies a compiled filter function to a stream/list of packets.

Types

compiled_filter()

@type compiled_filter() :: (PcapFileEx.Packet.t() -> boolean())

Functions

compile(expression)

@spec compile(String.t()) :: {:ok, compiled_filter()} | {:error, String.t()}

Compiles a display filter expression into a function that accepts a %Packet{}.

filter(enumerable, expression)

@spec filter(Enumerable.t(), String.t()) :: Enumerable.t()

Applies a display filter expression inline in a pipeline.

Raises ArgumentError if the expression is invalid.

run(enumerable, fun)

@spec run(Enumerable.t(), compiled_filter()) :: Enumerable.t()

Applies a compiled filter function to a stream/list of packets.