Share via

FILTEROBJECT

  • Article

The FILTEROBJECT structure defines a single object of a display filter. The FilterAddObject function uses FILTEROBJECT to build a display filter.

typedef struct _FILTEROBJECT {
  FILTERACTIONTYPE Action;
  HPROPERTY hProperty;
  union {
    VALUETYPE Value;
    HPROTOCOL hProtocol;
    LPVOID lpArray;
    LPPROTOCOLTABLETYPE lpProtocolTable;
    LPADDRESS lpAddress;
    ULPLARGEINT lpLargeInt;
    ULPTIME lpTime;
    LPOBJECT_IDENTIFIER lpOID;
  };
  union {
    WORD ByteCount;
    WORD ByteOffset;
  };
  struct _FILTEROBJECT* pNext;
} FILTEROBJECT, 
 *LPFILTEROBJECT;

Members

  • Action
    Flag that specifies the FILTEROBJECT action. A flag can specify a property, value, or operator.

    The following table lists Action member property flags.

    Value Meaning
    FILTERACTION_PROPERTY Contains this property.
    FILTERACTION_PROPERTYEXIST Indicates that a filter action property is already defined.

    The following table lists Action member value flags.

    Value Meaning
    FILTERACTION_VALUE Contains this value.
    FILTERACTION_STRING Contains this string.
    FILTERACTION_ARRAY Contains this array.
    FILTERACTION_CONTAINSNC Indicates that a property contains a case-insensitive substring.
    FILTERACTION_CONTAINS Indicates that a property contains a case sensitive substring.
    FILTERACTION_ADDRESS Contains the MAC address.
    FILTERACTION_ADDRESSANY Matches any MAC address.
    FILTERACTION_FROM Indicates the From MAC address.
    FILTERACTION_TO Indicates the To MAC address.
    FILTERACTION_FROMTO Indicates a From/To pairing of MAC addresses.
    FILTERACTION_LARGEINT Contains a large integer.
    FILTERACTION_TIME Contains a SYSTEMTIME structure.
    FILTERACTION_ADDR_ETHER Contains an Ethernet MAC address.
    FILTERACTION_ADDR_TOKEN Contains a token ring MAC address.
    FILTERACTION_ADDR_FDDI Contains a FDDI MAC address.
    FILTERACTION_ADDR_IPX Contains an IPX MAC address.
    FILTERACTION_ADDR_IP Contains an IP MAC address.
    FILTERACTION_OID Contains an Object Identifier (OID).

    The following table lists Action member operator flags.

    Value Meaning
    FILTERACTION_INVALID Indicates an invalid filter action.
    FILTERACTION_AND Indicates a logical AND statement.
    FILTERACTION_OR Indicates a logical OR statement.
    FILTERACTION_XOR Indicates a logical exclusive OR (XOR) statement.
    FILTERACTION_NOT Indicates a logical NOT statement.
    FILTERACTION_EQUALNC Filter action is equal and case insensitive.
    FILTERACTION_EQUAL Filter action is equal and case sensitive.
    FILTERACTION_NOTEQUALNC Logical NOT statement is equal and case insensitive.
    FILTERACTION_NOTEQUAL Logical NOT statement is equal and is case sensitive.
    FILTERACTION_GREATERNC Filter action is greater than (>) and case insensitive.
    FILTERACTION_GREATER Filter action is greater than (>) and case sensitive.
    FILTERACTION_LESSNC Filter action is less than (<) and case insensitive.
    FILTERACTION_LESS Filter action is less than (<) and case sensitive.
    FILTERACTION_GREATEREQUALNC Filter action is greater than or equal to (>=) and case insensitive.
    FILTERACTION_GREATEREQUAL Filter action is greater than or equal to (>=) and case sensitive.
    FILTERACTION_LESSEQUALNC Filter action is less than or equal to (<=) and case insensitive.
    FILTERACTION_LESSEQUAL Filter action is less than or equal to (<=) and is case sensitive.
    FILTERACTION_PLUS Add operator (+).
    FILTERACTION_MINUS Subtract operator (-).
    FILTERACTION_AREBITSON Indicates a bitwise operation.
    FILTERACTION_AREBITSOFF Indicates a non-bitwise operation.
    FILTERACTION_PROTOCOLSEXIST Indicates that the selected protocols exist.
    FILTERACTION_PROTOCOLEXIST Indicates that the selected protocol exists.
    FILTERACTION_ARRAYEQUAL Indicates that array contents are equal. The flag must be used with a FILTERACTION_ARRAY structure.
    FILTERACTION_DEREFPROPERTY Describes a pattern match at an offset (in bytes), from the protocol.
    FILTERACTION_OID_CONTAINS Evaluates a substring within an object identifier. The action must be used with the FILTERACTION_OID structure.
    FILTERACTION_OID_BEGINS_WITH Evaluates a substring that begins an object identifier. The flag must be used with FILTERACTION_OID.
    FILTERACTION_OID_ENDS_WITH Evaluates a substring that ends an object identifier. The flag must be used with FILTERACTION_OID.
    FILTERACTION_ADDR_VINES Contains a Vines MAC address.
    FILTERACTION_EXPRESSION Contains an action expression.
    FILTERACTION_BOOL Contains a BOOL data type.
    FILTER_DIRECTION_NEXT Controls sequential direction (Next frame) within a capture file.
    FILTER_DIRECTION_PREV Controls sequential direction (Previous frame) within a capture file.

  • hProperty
    Handle to a property key.

  • Value
    Value of an object.

  • hProtocol
    Handle to display filter protocol.

  • lpArray
    Pointer to an array.

  • lpProtocolTable
    Pointer to a protocol list designed to test the existence of protocol in a frame.

  • lpAddress
    Pointer to the kernel type address. For example, MAC or IP.

  • lpLargeInt
    Double DWORD used in a Windows NT or Windows 2000 application.

  • lpTime
    A pointer to a SYSTEMTIME structure.

  • lpOID
    A pointer to the OBJECT_IDENTIFIER (OID) structure.

  • ByteCount
    The number, in bytes, in the frame.

  • ByteOffset
    The offset byte value of the FILTEROBJECT structure used to compare arrays.

  • pNext
    Reserved.

Requirements

Client Requires Windows XP, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.
Header

Declared in Netmon.h.